Multiple vulnerabilities in Intel Graphics Software
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-37355 CVE-2024-38310 CVE-2024-42410 |
| CWE-ID | CWE-284 CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
7th Gen Intel Core Processors Hardware solutions / Firmware 8th Gen Intel Core processor Hardware solutions / Firmware 10th Generation Intel Core Processors Hardware solutions / Firmware Intel Core Processors with Intel Hybrid Technology Hardware solutions / Firmware Intel Atom Processors Hardware solutions / Firmware Intel Pentium Processors Hardware solutions / Firmware Intel Celeron Processors Hardware solutions / Firmware 11th Generation Intel Core Processors Hardware solutions / Firmware 12th Generation Intel Core Processors Hardware solutions / Firmware 13th Generation Intel Core Processors Hardware solutions / Firmware 14th Generation Intel Core Processors Hardware solutions / Firmware Intel Iris Xe Dedicated Graphics Hardware solutions / Firmware Intel Arc Pro Graphics family Hardware solutions / Firmware Intel Data Center GPU Flex 140 Hardware solutions / Firmware Intel Data Center GPU Flex 170 Hardware solutions / Firmware 9th Generation Intel Core Processors Client/Desktop applications / Web browsers Intel Arc Graphics family Hardware solutions / Drivers Intel Core Ultra processor Hardware solutions / Drivers Intel Arc & Iris Xe Graphics for Windows Hardware solutions / Drivers Intel Arc Pro Graphics for Windows Hardware solutions / Drivers Intel Data Center GPU Flex for Windows Hardware solutions / Drivers Intel Graphics Driver for Windows Client/Desktop applications / Virtualization software |
| Vendor | Intel |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper access control
EUVDB-ID: #VU103981
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37355
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versions7th Gen Intel Core Processors: All versions
8th Gen Intel Core processor: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
Intel Atom Processors: All versions
Intel Pentium Processors: All versions
Intel Celeron Processors: All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
13th Generation Intel Core Processors: All versions
14th Generation Intel Core Processors: All versions
Intel Iris Xe Dedicated Graphics: All versions
Intel Arc Graphics family: All versions
Intel Core Ultra processor: All versions
Intel Arc Pro Graphics family: All versions
Intel Data Center GPU Flex 140: All versions
Intel Data Center GPU Flex 170: All versions
Intel Graphics Driver for Windows: before 31.0.101.2130
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5768
Intel Arc Pro Graphics for Windows: before 31.0.101.5978
Intel Data Center GPU Flex for Windows: before 31.0.101.5768
CPE2.3- cpe:2.3:h:intel:7th_gen_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_processors_with_intel_hybrid_technology:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:14th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_iris_xe_dedicated_graphics:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_140:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_170:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:intel_graphics_driver_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU103982
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38310
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versions7th Gen Intel Core Processors: All versions
8th Gen Intel Core processor: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
Intel Atom Processors: All versions
Intel Pentium Processors: All versions
Intel Celeron Processors: All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
13th Generation Intel Core Processors: All versions
14th Generation Intel Core Processors: All versions
Intel Iris Xe Dedicated Graphics: All versions
Intel Arc Graphics family: All versions
Intel Core Ultra processor: All versions
Intel Arc Pro Graphics family: All versions
Intel Data Center GPU Flex 140: All versions
Intel Data Center GPU Flex 170: All versions
Intel Graphics Driver for Windows: before 31.0.101.2130
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5768
Intel Arc Pro Graphics for Windows: before 31.0.101.5978
Intel Data Center GPU Flex for Windows: before 31.0.101.5768
CPE2.3- cpe:2.3:h:intel:7th_gen_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_processors_with_intel_hybrid_technology:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:14th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_iris_xe_dedicated_graphics:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_140:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_170:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU103983
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42410
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versions7th Gen Intel Core Processors: All versions
8th Gen Intel Core processor: All versions
9th Generation Intel Core Processors: All versions
10th Generation Intel Core Processors: All versions
Intel Core Processors with Intel Hybrid Technology: All versions
Intel Atom Processors: All versions
Intel Pentium Processors: All versions
Intel Celeron Processors: All versions
11th Generation Intel Core Processors: All versions
12th Generation Intel Core Processors: All versions
13th Generation Intel Core Processors: All versions
14th Generation Intel Core Processors: All versions
Intel Iris Xe Dedicated Graphics: All versions
Intel Arc Graphics family: All versions
Intel Core Ultra processor: All versions
Intel Arc Pro Graphics family: All versions
Intel Data Center GPU Flex 140: All versions
Intel Data Center GPU Flex 170: All versions
Intel Graphics Driver for Windows: before 31.0.101.2130
Intel Arc & Iris Xe Graphics for Windows: before 31.0.101.5768
Intel Arc Pro Graphics for Windows: before 31.0.101.5978
Intel Data Center GPU Flex for Windows: before 31.0.101.5768
CPE2.3- cpe:2.3:h:intel:7th_gen_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:8th_gen_intel_core_processor:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:9th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:10th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_processors_with_intel_hybrid_technology:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_atom_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_pentium_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_celeron_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:11th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:12th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:13th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:14th_generation_intel_core_processors:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_iris_xe_dedicated_graphics:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_core_ultra_processor:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_family:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_140:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_170:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_and_iris_xe_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_arc_pro_graphics_for_windows:*:*:*:*:*:*:*:*
- cpe:2.3:h:intel:intel_data_center_gpu_flex_for_windows:*:*:*:*:*:*:*:*
https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01235.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
