Intel Releases Patch For High Severity Flaws in Graphics Drivers

Intel detected security flaws within its graphics drivers and other products (INTEL-SA-00315 & INTEL-SA-00438). Five high-severity flaws need patching. These security bugs allow attackers to launch malicious attacks like denial-of-service attacks, stealing your personal data and leverage their privileges.

⚡ TL;DR | Go Straight to the Intel Graphics Drivers Vulnerability Audit Report.

Intel Graphics Drivers Flaws

CVE-2020-0544

This is one of the most severe flaws in Intel's graphic drivers (CVE-2020-0544) with a score of 8,8/10 on the CVSS scale. This flaw can be found in the kernel-mode driver (chipset key) which is being used to execute any instruction it needs on the CPU without waiting. The flaw comes from inadequate control-flow management within the Intel graphics drivers before version 15.36.39.5145.

CVE-2020-0521

CVE-2020-0521 is a privilege escalation issue within the graphic drivers. It's an Intel driver flaw that also stems from insufficient control flow management. However, in order for an attacker to exploit this vulnerability, he will need to be authenticated and have local access to the system.

CVE-2020-12361

Intel also said that there is a use-after-free bug in its graphic driver known as CVE-2020-12361. A use-after-free vulnerability refers to the attempt from an attacker to access memory after it's freed. After freeing a memory location, the attacker can use this error to hack the driver.

CVE-2020-24450

CVE-2020-24450 is is an improper conditions-check problem that may allow a privileged user to potentially enable escalation of privilege via local access caused by an Intel driver flaw.

CVE-2020-12362

CVE-2020-12362 is an integer overflow vulnerability that is created by misuse of variable types and can be exploited to bypass protections. This could enable a DoS (denial-of-service) attack on the infected systems.

Get Started with IT Asset Management 2.0

Discover assets you don't even know about and learn why Lansweeper is used by thousands of organizations worldwide.

CVE-2020-24462

CVE-2020-24462 is an Out of Bounds write within the Intel Graphics Driver which could allow an authenticated user to enable an escalation of privilege. This occurs with versions before 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336.

CVE-2020-8678

CVE-2020-8678 could allow for improper access control for the Intel Graphics Drivers which may allow an authenticated user to enable a Denial of Service (DoS).

Intel Server Boards, Compute Models, and Modems Flaws

CVE-2020-12373

CVE-2020-12373 is a buffer overflow issue which means that memory storage regions that temporarily hold data while it's being transferred between locations. This transaction could overwrite the executable code which could cause the driver to become unstable, generate memory access errors, or crash.

CVE-2020-12377

CVE-2020-12377 is an improper input validation issue that is caused when the driver doesn't validate (or incorrectly validates) input that can affect the control flow of the driver.

Run the Intel Graphics Drivers Vulnerability Audit

Our security experts have issued a dedicated INTEL-SA-00315 & INTEL-SA-00438 Audit Report that gives you an overview of all affected devices and their patch status.


INTEL-SA-00315 & INTEL-SA-00438 Vulnerability - Sample Report

Receive the Latest Vulnerability Reports for FREE

  • Hidden
  • This field is for validation purposes and should be left unchanged.
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

You may also like...

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​