Intel Squashes High-Severity Graphics Driver Flaws

  • Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.

    Intel has issued fixes for five superior-severity vulnerabilities in its graphics motorists. Attackers can exploit these flaws to start an array of malicious attacks – these types of as escalating their privileges, stealing sensitive info or launching denial-of-provider assaults.

    The graphics driver is software package that controls how graphic parts do the job with the rest of the personal computer. Intel develops graphics drivers for Windows OS to connect with specific Intel graphics products, for instance. The most really serious of the flaws in Intel’s graphics drivers (CVE-2020-0544), which ranks 8.8 out of 10 on the CVSS scale, stems from the kernel mode driver, which is the piece of a graphics driver that executes any instruction it demands on the CPU without waiting, and can reference any memory tackle that is readily available.

    This flaw stems from inadequate regulate-stream management in Intel graphics motorists prior to edition 15.36.39.5145. The flaw can help a consumer to escalate their privileges – having said that, an attacker would will need to be authenticated and have community entry to the system, stated Intel.

    A further privilege-escalation issue (CVE-2020-0521) stemming from insufficient manage-circulation administration was set in Intel graphics drivers (also in advance of version 15.45.32.5145). To exploit this flaw, an attacker would also will need to be authenticated and have regional accessibility.

    Intel also warned of a use-following-totally free bug (CVE-2020-12361), an incorrect ailments-test dilemma (CVE-2020-24450) and an integer-overflow vulnerability (CVE-2020-12362) in its graphics motorists. The latter could permit denial-of-service (DoS) attacks on afflicted gadgets.

    Intel Server Boards and Compute Modules Flaws

    Intel also patched two significant-severity flaws in its server boards, server devices and compute modules. Precisely affected are the Intel Server Method R1000WF and R2000WF households Intel Server Board S2600WF relatives, Intel Server Board S2600ST relatives and Intel Server Board S2600BP household and Intel Compute Module HNS2600BP relatives.

    1 of these flaws is a buffer-overflow issue (CVE-2020-12373) in the Baseboard Management Controller (BMC) firmware for some Intel server boards, server devices and compute modules. The 2nd vulnerability is an inadequate input validation gap (CVE-2020-12377) in the BMC firmware. Both flaws exist just before model 2.47 and could “allow an authenticated consumer to potentially help escalation of privilege by way of community accessibility.”

    Other Intel Security Vulnerabilities

    Intel also preset a significant-severity flaw in its XMM 7360 modem, which converts info from a digital structure into a format for a transmission medium. It’s made use of for LTE 4G smartphones and tablets.

    “Improper buffer restrictions in firmware for Intel 7360 Cell Modem right before UDE variation 9.4.370 might make it possible for unauthenticated users to probably help denial-of-service by using network access,” reported Intel.

    The other substantial-severity flaw exists in Intel’s SSD Toolbox. This toolbox allows Windows buyers to update the firmware and run diagnostic assessments on an Intel reliable-state drive (SSD). In accordance to Intel, the vulnerability stems from incorrect default permissions in the installer of the Intel SSD Toolbox, and may well empower a privileged person to possibly allow area privilege escalation.

    The fixes finish a dry spell in security updates for Intel, which has not disclosed any patched vulnerabilities given that November. At that time, Intel issued a colossal security update addressing flaws throughout a myriad of items – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in purchase to achieve escalated privileges.

    Is your organization an quick mark? Save your spot for “15 Cybersecurity Gaffes SMBs Make,” a FREE Threatpost webinar on Feb. 24 at 2 p.m. ET. Cybercriminals count on you earning these problems, but our authorities will enable you lock down your tiny- to mid-sized business enterprise like it was a Fortune 100. Register here for the Wed., Feb. 24 Dwell webinar.