Multiple vulnerabilities in Intel Graphics Drivers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-0513 CVE-2020-8681 CVE-2020-0512 CVE-2020-8682 CVE-2020-8683 |
| CWE-ID | CWE-787 CWE-248 CWE-125 CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
6th Generation Intel Core Processors Hardware solutions / Firmware 7th Generation Intel Core Processors Hardware solutions / Firmware 8th Generation Intel Core Processors Hardware solutions / Firmware 3rd Generation Intel Core Processors Hardware solutions / Firmware 4th generation Intel Core processors Hardware solutions / Firmware 5th generation Intel Core processors Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
Updated 13.08.2020
Added vulnerabilities #3-5
1) Out-of-bounds write
EUVDB-ID: #VU45646
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0513
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in some Intel Graphics Drivers. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 15.33.50.5129
7th Generation Intel Core Processors: before 15.33.50.5129
8th Generation Intel Core Processors: before 15.33.50.5129
3rd Generation Intel Core Processors: before 15.33.50.5129
4th generation Intel Core processors: before 15.33.50.5129
5th generation Intel Core processors: before 15.33.50.5129
9th Generation Intel Core Processors: before 15.33.50.5129
10th Generation Intel Core Processors: before 15.33.50.5129
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds write
EUVDB-ID: #VU45647
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8681
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in system driver for some Intel Graphics Drivers. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 15.33.50.5129
7th Generation Intel Core Processors: before 15.33.50.5129
8th Generation Intel Core Processors: before 15.33.50.5129
3rd Generation Intel Core Processors: before 15.33.50.5129
4th generation Intel Core processors: before 15.33.50.5129
5th generation Intel Core processors: before 15.33.50.5129
9th Generation Intel Core Processors: before 15.33.50.5129
10th Generation Intel Core Processors: before 15.33.50.5129
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Uncaught Exception
EUVDB-ID: #VU45678
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-0512
CWE-ID:
CWE-248 - Uncaught Exception
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to uncaught exception in the system driver for some Intel Graphics Drivers. A local user can cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 15.33.50.5129
7th Generation Intel Core Processors: before 15.33.50.5129
8th Generation Intel Core Processors: before 15.33.50.5129
3rd Generation Intel Core Processors: before 15.33.50.5129
4th generation Intel Core processors: before 15.33.50.5129
5th generation Intel Core processors: before 15.33.50.5129
9th Generation Intel Core Processors: before 15.33.50.5129
10th Generation Intel Core Processors: before 15.33.50.5129
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU45679
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8682
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in system driver for some Intel Graphics Drivers. A local user can trigger out-of-bounds read error and cause a denial of service condition on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 15.33.50.5129
7th Generation Intel Core Processors: before 15.33.50.5129
8th Generation Intel Core Processors: before 15.33.50.5129
3rd Generation Intel Core Processors: before 15.33.50.5129
4th generation Intel Core processors: before 15.33.50.5129
5th generation Intel Core processors: before 15.33.50.5129
9th Generation Intel Core Processors: before 15.33.50.5129
10th Generation Intel Core Processors: before 15.33.50.5129
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU45680
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8683
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in system driver for some Intel Graphics Drivers. A local user can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions6th Generation Intel Core Processors: before 15.33.50.5129
7th Generation Intel Core Processors: before 15.33.50.5129
8th Generation Intel Core Processors: before 15.33.50.5129
3rd Generation Intel Core Processors: before 15.33.50.5129
4th generation Intel Core processors: before 15.33.50.5129
5th generation Intel Core processors: before 15.33.50.5129
9th Generation Intel Core Processors: before 15.33.50.5129
10th Generation Intel Core Processors: before 15.33.50.5129
CPE2.3- cpe:2.3:h:intel:6th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:7th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:3rd_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:4th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:5th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
