SB2025051567 - Multiple vulnerabilities in Intel Graphics software

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025051567

SB2025051567 - Multiple vulnerabilities in Intel Graphics software

Published: May 15, 2025

Security Bulletin ID SB2025051567
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2025-20101)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


2) Untrusted Pointer Dereference (CVE-ID: CVE-2025-20018)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference error. A local user can execute arbitrary code with elevated privileges.


3) Link following (CVE-ID: CVE-2025-20003)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure link following in software installer. A local user can create a symbolic link to a critical file on the system and overwrite it with elevated privileges.


4) Improper access control (CVE-ID: CVE-2025-20052)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper access restrictions. A local user can perform a denial of service (DoS) attack.


5) Untrusted search path (CVE-ID: CVE-2025-21099)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.


6) Untrusted search path (CVE-ID: CVE-2025-20041)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to usage of an untrusted search path. A local user can place a malicious binary into a specific location on the system and execute arbitrary code with escalated privileges.


7) NULL pointer dereference (CVE-ID: CVE-2025-20071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can perform a denial of service (DoS) attack.


8) Input validation error (CVE-ID: CVE-2025-20031)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References