Multiple vulnerabilities in Intel Graphics software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2024-38665 CVE-2024-23919 CVE-2024-34023 CVE-2024-34170 |
| CWE-ID | CWE-787 CWE-119 CWE-822 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Intel Graphics Driver for Windows Client/Desktop applications / Virtualization software Intel Arc & Iris Xe Graphics for Windows Hardware solutions / Drivers Intel Arc Pro Graphics for Windows Hardware solutions / Drivers Intel Data Center GPU Flex for Windows Hardware solutions / Drivers Intel Media Driver for VAAPI Hardware solutions / Drivers |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU101937
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38665
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with escalated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: 31.0.101.2121 - 31.0.101.2127
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5518
Intel Arc Pro Graphics for Windows: before 31.0.101.5525
Intel Data Center GPU Flex for Windows: before 31.0.101.5522
Intel Media Driver for VAAPI: before 24.1.1
CPE2.3- cpe:2.3:a:intel:intel_graphics_driver_for_windows:31.0.101.2127:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_media_driver_for_vaapi:*:*:*:*:*:*:*:*
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU101938
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23919
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: 31.0.101.2121 - 31.0.101.2127
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5518
Intel Arc Pro Graphics for Windows: before 31.0.101.5525
Intel Data Center GPU Flex for Windows: before 31.0.101.5522
Intel Media Driver for VAAPI: before 24.1.1
CPE2.3- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_media_driver_for_vaapi:*:*:*:*:*:*:*:*
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Untrusted Pointer Dereference
EUVDB-ID: #VU101939
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34023
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to untrusted pointer dereference error. A local user can perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: 31.0.101.2121 - 31.0.101.2127
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5518
Intel Arc Pro Graphics for Windows: before 31.0.101.5525
Intel Data Center GPU Flex for Windows: before 31.0.101.5522
Intel Media Driver for VAAPI: before 24.1.1
CPE2.3- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_media_driver_for_vaapi:*:*:*:*:*:*:*:*
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU101940
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-34170
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsIntel Graphics Driver for Windows: 31.0.101.2121 - 31.0.101.2127
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5518
Intel Arc Pro Graphics for Windows: before 31.0.101.5525
Intel Data Center GPU Flex for Windows: before 31.0.101.5522
Intel Media Driver for VAAPI: before 24.1.1
CPE2.3- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_media_driver_for_vaapi:*:*:*:*:*:*:*:*
http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01132.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to open a a specially crafted file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
