Intel detected security flaws within its graphics drivers and other products (INTEL-SA-00315 & INTEL-SA-00438). Five high-severity flaws need patching. These security bugs allow attackers to launch malicious attacks like denial-of-service attacks, stealing your personal data and leverage their privileges.
⚡ TL;DR | Go Straight to the Intel Graphics Drivers Vulnerability Audit Report.
Intel Graphics Drivers Flaws
This is one of the most severe flaws in Intel's graphic drivers (CVE-2020-0544) with a score of 8,8/10 on the CVSS scale. This flaw can be found in the kernel-mode driver (chipset key) which is being used to execute any instruction it needs on the CPU without waiting. The flaw comes from inadequate control-flow management within the Intel graphics drivers before version 184.108.40.20645.
CVE-2020-0521 is a privilege escalation issue within the graphic drivers. It's an Intel driver flaw that also stems from insufficient control flow management. However, in order for an attacker to exploit this vulnerability, he will need to be authenticated and have local access to the system.
Intel also said that there is a use-after-free bug in its graphic driver known as CVE-2020-12361. A use-after-free vulnerability refers to the attempt from an attacker to access memory after it's freed. After freeing a memory location, the attacker can use this error to hack the driver.
CVE-2020-24450 is is an improper conditions-check problem that may allow a privileged user to potentially enable escalation of privilege via local access caused by an Intel driver flaw.
CVE-2020-12362 is an integer overflow vulnerability that is created by misuse of variable types and can be exploited to bypass protections. This could enable a DoS (denial-of-service) attack on the infected systems.
Get Started with IT Asset Management 2.0
Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.
CVE-2020-24462 is an Out of Bounds write within the Intel Graphics Driver which could allow an authenticated user to enable an escalation of privilege. This occurs with versions before 220.127.116.1161, 18.104.22.16862, 22.214.171.12466, 126.96.36.19964 and 188.8.131.5236.
CVE-2020-8678 could allow for improper access control for the Intel Graphics Drivers which may allow an authenticated user to enable a Denial of Service (DoS).
Intel Server Boards, Compute Models, and Modems Flaws
CVE-2020-12373 is a buffer overflow issue which means that memory storage regions that temporarily hold data while it's being transferred between locations. This transaction could overwrite the executable code which could cause the driver to become unstable, generate memory access errors, or crash.
CVE-2020-12377 is an improper input validation issue that is caused when the driver doesn't validate (or incorrectly validates) input that can affect the control flow of the driver.
Run the Intel Graphics Drivers Vulnerability Audit
Our security experts have issued a dedicated INTEL-SA-00315 & INTEL-SA-00438 Audit Report that gives you an overview of all affected devices and their patch status.