Intel has issued fixes for five high-severity vulnerabilities in its graphics drivers. Attackers can exploit these flaws to launch an array of malicious attacks – such as escalating their privileges, stealing sensitive data or launching denial-of-service attacks.
The graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. The most serious of the flaws in Intel’s graphics drivers (
CVE-2020-0544), which ranks 8.8 out of 10 on the CVSS scale, stems from the kernel mode driver, which is the piece of a graphics driver that executes any instruction it needs on the CPU without waiting, and can reference any memory address that is available.
This flaw stems from insufficient control-flow management in Intel graphics drivers prior to version 15.36.39.5145. The flaw can enable a user to escalate their privileges – however, an attacker would need to be authenticated and have local access to the device, said Intel.
Another privilege-escalation issue (
CVE-2020-0521) stemming from insufficient control-flow management was fixed in Intel graphics drivers (also before version 15.45.32.5145). To exploit this flaw, an attacker would also need to be authenticated and have local access.
Intel also warned of a use-after-free bug (
CVE-2020-12361), an improper conditions-check problem (
CVE-2020-24450) and an integer-overflow vulnerability (
CVE-2020-12362) in its graphics drivers. The latter could enable denial-of-service (DoS) attacks on affected devices.
threatpost.com
