Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.
The graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, Intel stomped out 17 vulnerabilities overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability (CVE-2020-0551), which it ranked as medium severity, that researchers say could allow attackers to steal sensitive data.
The most severe of these is a buffer-overflow vulnerability (CVE-2020-0504) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw “may allow an authenticated user to potentially enable a denial of service via local access,” said Intel.
A buffer overflow is a type of flaw where a buffer (a region in physical memory storage used to temporarily store data while it is being moved) that can be overwritten is allocated in the heap portion of memory (a region of process’s memory which is used to store dynamic variables). That excess data in turn corrupts nearby space in memory and could alter other data, opening the door for malicious attacks. Another buffer overflow flaw (CVE-2020-0501) was addressed in the graphics driver (before version 26.20.100.6912) that could also open the it up to a DoS attack by an authenticated user with local access.
Intel also addressed two high-severity improper access control flaws (CVE-2020-0516 and CVE-2020-0519) in its graphics drivers that could give authenticated attackers (with local access) escalated privileges or enable them to launch a DoS attack. And, it patched a high-severity path traversal flaw (CVE-2020-0520) in the igdkmd64.sys file of the graphics drivers (before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100), which could enable privilege escalation or DoS; and an improper conditions check glitch (CVE-2020-0505) in the graphic driver (before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103 and 26.20.100.7212) that may enable information disclosure and DoS.
It’s not the first time flaws have been discovered in discovered in Intel’s graphics drivers. A year ago, Intel patched 19 vulnerabilities, including two high-severity flaws CVE-2018-12216 and CVE-2018-12214 that could both allow a privileged user to execute arbitrary code via local access.
Other Products, Other High-Severity Flaws
In its Tuesday security advisory, Intel addressed CVE-2020-0551, a new class of transient-execution attacks that exploit microarchitectural flaws to inject attacker data into a program and steal sensitive data and keys from Intel SGX (or Intel Software Guard eXtensions; which is processor technology released in 2015 to create isolated environments in the computer’s memory).
“LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations,” according to researchers who discovered the flaw in a Tuesday post. “Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — ‘inject’ — the attacker’s data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim’s fingerprints or passwords.”
Intel for its part rated the vulnerability medium severity and said in a separate post: “Due to the numerous complex requirements that must be satisfied to successfully carry out the LVI method, Intel does not believe LVI is a practical exploit in real world environments where the OS and VMM are trusted.”
Intel also released patches for high-severity flaws affecting its Next Unit Computing (NUC) mini PC firmware (which has been found to be vulnerable to various flaws in the past). These flaws include an improper buffer restriction (CVE-2020-0530) in the NUC firmware that “may allow an authenticated user to potentially enable escalation of privilege via local access,” according to Intel. And, an improper input validation in the NUC firmware (CVE-2020-0526) could enable allow a privileged user with local access to enable escalation of privilege. A full list of affected NUC versions can be found here.
Another high-severity vulnerability was address in BlueZ, the pairing communications Bluetooth stack for major Linux distributions that supports Bluetooth protocols and layers. Intel is a leading contributor to the BlueZ project, employing currently all but one of the maintainers. According to Intel, an improper access control flaw in the subsystem of BlueZ (before version 5.53) could allow an unauthenticated user with adjacent access to achieve escalation of privilege and launch DoS attacks.
Finally, Intel fixed a high-severity flaw in its Smart Sound Technology, which provides audio and voice processing to support “voice wake” functions in devices. The vulnerability (CVE-2020-0583) is an improper access control flaw in the subsystem for Intel’s Smart Sound Technology, which could allow an authenticated user to potentially enable escalation of privilege via local access. Versions of Smart Sound Technology before the 10th Generation Intel Core i7 Processors, version 3431; and 8th Generation Intel Core Processors, version 3349 are affected; Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.
Interested in security for the Internet of Things and how 5G will change the threat landscape? Join our free Threatpost webinar, “5G, the Olympics and Next-Gen Security Challenges,” as our panel discusses what use cases to expect in 2020 (the Olympics will be a first test), why 5G security risks are different, the role of AI in defense and how enterprises can manage their risk. Register here.
