Improper access control in Intel Graphics Driver for Linux and Intel Graphics Driver for Windows

#VU22755 Improper access control in Intel Graphics Driver for Linux and Intel Graphics Driver for Windows

Published: 2019-11-13

Vulnerability identifier: #VU22755

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-0155

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Intel Graphics Driver for Linux
Hardware solutions / Drivers
Intel Graphics Driver for Windows
Client/Desktop applications / Virtualization software

Vendor: Intel

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions in Intel GPU subsystem. A local unprivileged user can perform blitter manipulation manipulation and write data to arbitrary location in kernel memory. As a result a local authenticated user can execute arbitrary code on the system with superuser privileges.

This vulnerability affects the following Intel products:

- 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families

- Intel(R) Pentium(R) Processor J, N, Silver and Gold Series

- Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series

- Intel(R) Atom(R) Processor A and E3900 Series

- Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families

- Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077)

- i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Intel Graphics Driver for Linux: All versions

Intel Graphics Driver for Windows: 15.33 - 15.49