SB2025051950 - Dell update for Intel Graphics driver
Published: May 19, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Untrusted search path (CVE-ID: CVE-2024-47800)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
2) Out-of-bounds read (CVE-ID: CVE-2024-31150)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
3) Improper access control (CVE-ID: CVE-2024-39758)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A local user can crash the system.
4) Out-of-bounds write (CVE-ID: CVE-2024-29222)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
5) Incorrect default permissions (CVE-ID: CVE-2024-28954)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.
6) Untrusted search path (CVE-ID: CVE-2024-46895)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
7) Improper access control (CVE-ID: CVE-2024-45371)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A local user can crash the system.
8) Improper access control (CVE-ID: CVE-2025-20052)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions. A local user can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2025-20031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2025-20071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A local user can perform a denial of service (DoS) attack.
11) Untrusted search path (CVE-ID: CVE-2025-20041)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
12) Untrusted search path (CVE-ID: CVE-2025-21099)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.
13) Link following (CVE-ID: CVE-2025-20003)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure link following in software installer. A local user can create a symbolic link to a critical file on the system and overwrite it with elevated privileges.
14) Untrusted Pointer Dereference (CVE-ID: CVE-2025-20018)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to untrusted pointer dereference error. A local user can execute arbitrary code with elevated privileges.
15) Out-of-bounds read (CVE-ID: CVE-2025-20101)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
Remediation
Install update from vendor's website.