Multiple vulnerabilities in Intel Graphics driver and software



Risk Low
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2024-45333
CVE-2024-36292
CVE-2024-45371
CVE-2024-47800
CVE-2024-46895
CVE-2024-28954
CVE-2024-29222
CVE-2024-39758
CVE-2024-31150
CVE-2024-43101
CWE-ID CWE-284
CWE-119
CWE-426
CWE-276
CWE-787
CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Intel Data Center GPU Flex Series for Windows driver
Hardware solutions / Drivers

Intel Arc & Iris Xe Graphics for Windows driver
Hardware solutions / Drivers

Intel 7th-10th Gen Processor Graphics for Windows
Hardware solutions / Drivers

Vendor Intel

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Improper access control

EUVDB-ID: #VU109226

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45333

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A local user can gain access to sensitive information of crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU109227

Risk: Low

CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36292

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

EUVDB-ID: #VU109228

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45371

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A local user can crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.6077

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Untrusted search path

EUVDB-ID: #VU109229

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47800

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel 7th-10th Gen Processor Graphics for Windows: before 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.5736

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Untrusted search path

EUVDB-ID: #VU109230

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46895

CWE-ID: CWE-426 - Untrusted Search Path

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.5736

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect default permissions

EUVDB-ID: #VU109231

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-28954

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel 7th-10th Gen Processor Graphics for Windows: before 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.5736

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU109232

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-29222

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel 7th-10th Gen Processor Graphics for Windows: before 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.5736

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper access control

EUVDB-ID: #VU109233

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-39758

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A local user can crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Arc & Iris Xe Graphics for Windows driver: before 31.0.101.4032

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds read

EUVDB-ID: #VU109234

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-31150

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel 7th-10th Gen Processor Graphics for Windows: before 31.0.101.2130

Intel Arc & Iris Xe Graphics for Windows driver: before 32.0.101.5736

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4314

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU109235

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43101

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A local user can crash the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Intel Data Center GPU Flex Series for Windows driver: before 31.0.101.4255

CPE2.3 External links

https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###