20 Vulnerabilities in Intel Graphics Driver for Windows (CVE-2018-12214)
NEWS

20 Vulnerabilities in Intel Graphics Driver for Windows (CVE-2018-12214)

20 vulnerabilities have been fixed in the Intel Graphics Driver for Windows.

The flaws could lead to a range of attacks such as escalation of privilege, denial of service and information disclosure. It should be mentioned that local access to the system is required for an attack to take place.




Multiple potential security vulnerabilities in Intel Graphics Driver for Windows

According to Intel’s summary of the vulnerabilities, multiple potential security vulnerabilities in Intel Graphics Driver for Windows may allow escalation of privileges, denial of service or information disclosure.

Of the vulnerabilities, CVE-2018-12214 and CVE-2018-12216 are rated high in impact, with the rest having a medium or low rating.

CVE-2018-12214 is associated with potential memory corruption in Kernel Mode Driver in Intel Graphics for Windows prior to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373, as per the advisory.

CVE-2018-12216 is associated with insufficient input validation in Kernel Mode Driver in Intel Graphics Driver for Windows before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373. The vulnerability potentially enables a privileged user to execute arbitrary code via local access via local access.

The other 18 vulnerabilities were low and medium in impact, and could be exploited locally in simple attacks with no user interaction. The only two flaws needing user interaction are CVE-2018-18090 and CVE-2018-18091 that could lead to denial-of-service attacks.

Related:
Yet another chip vulnerability has been discovered, CVE-2018-3665, which has been called Floating Point Lazy State Save/Restore.
CVE-2018-3665 Vulnerability Found in Intel Core and Xeon Processors.

What products are affected?

Intel Graphics Driver for Windows before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 are affected by the 20 security flaws, so patching is required as soon as possible.

Intel follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed, the advisory said.

Individuals who have information about a security issue or vulnerability with an Intel branded product or technology are urged to send an e-mail to [email protected]

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...