SB2023111491 - Lenovo update for Intel Graphics driver

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023111491

SB2023111491 - Lenovo update for Intel Graphics driver

Published: November 14, 2023 Updated: May 21, 2025

Security Bulletin ID SB2023111491
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Unquoted Search Path or Element (CVE-ID: CVE-2023-29165)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unquoted search path or element, which leads to security restrictions bypass and privilege escalation.


2) Incorrect default permissions (CVE-ID: CVE-2023-27305)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.


3) Out-of-bounds write (CVE-ID: CVE-2023-25952)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.


4) NULL pointer dereference (CVE-ID: CVE-2022-42879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2023-25071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2023-28401)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.


7) Out-of-bounds read (CVE-ID: CVE-2023-28404)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


Remediation

Install update from vendor's website.

References