Incorrect default permissions in Intel products - CVE-2020-0508
Published: March 16, 2020
Vulnerability identifier: #VU26101
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-0508
CWE-ID: CWE-276
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Intel
Affected software:
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
3rd Generation Intel Core Processors
4th generation Intel Core processors
5th generation Intel Core processors
6th Generation Intel Core Processors
7th Generation Intel Core Processors
8th Generation Intel Core Processors
10th Generation Intel Core Processors
9th Generation Intel Core Processors
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in the installer for several Intel Graphics Drivers. A local user with access to the system can view contents of files and directories or modify them.
How to mitigate CVE-2020-0508
Install updates from vendor's website.