SB2019111343 - Multiple vulnerabilities in Intel Graphics Driver for Windows and Linux
Published: November 13, 2019
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2019-0155)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in Intel GPU subsystem. A local unprivileged user can perform blitter manipulation manipulation and write data to arbitrary location in kernel memory. As a result a local authenticated user can execute arbitrary code on the system with superuser privileges.
This vulnerability affects the following Intel products:
- 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families
- Intel(R) Pentium(R) Processor J, N, Silver and Gold Series
- Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series
- Intel(R) Atom(R) Processor A and E3900 Series
- Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families
- Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077)
- i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201
2) Buffer overflow (CVE-ID: CVE-2019-11112)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
3) Pointer corruption (CVE-ID: CVE-2019-11111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074). A local authenticated user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the system with elevated privileges.
4) Out-of-bounds read (CVE-ID: CVE-2019-14574)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary in a subsystem for Intel(R) Graphics Driver versions before 26.20.100.7209. A local user can run a specially crafted application to trigger out-of-bounds read error and read contents of memory on the system.
5) Improper access control (CVE-ID: CVE-2019-14590)
The vulnerability allows a local user to gain unauthorized access to sensitive information.
The vulnerability exists due to improper access restrictions in the API for the Intel(R) Graphics Driver versions before 26.20.100.7209. A local user can read sensitive data on the system.
6) Input validation error (CVE-ID: CVE-2019-14591)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the API for Intel(R) Graphics Driver versions before 26.20.100.7209. A local user can perform a denial of service attack.
7) Input validation error (CVE-ID: CVE-2019-11089)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519. A local user can perform a denial of service attack.
8) Buffer overflow (CVE-ID: CVE-2019-11113)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077). A local user can run a specially crafted application to gain access to sensitive information.
Remediation
Install update from vendor's website.