SB20231123116 - Multiple vulnerabilities in Intel Graphics Drivers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20231123116

SB20231123116 - Multiple vulnerabilities in Intel Graphics Drivers

Published: November 23, 2023

Security Bulletin ID SB20231123116
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Unquoted Search Path or Element (CVE-ID: CVE-2023-29165)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unquoted search path or element, which leads to security restrictions bypass and privilege escalation.


2) Incorrect default permissions (CVE-ID: CVE-2023-27305)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.


3) Out-of-bounds write (CVE-ID: CVE-2023-25952)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.


4) NULL pointer dereference (CVE-ID: CVE-2022-42879)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2023-25071)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2023-28401)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.


7) Out-of-bounds read (CVE-ID: CVE-2023-28404)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.


Remediation

Install update from vendor's website.

References