Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0149
Intel Graphics Driver for Windows* 2019.1 QSR Advisory
23 May 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Graphics Driver for Windows
Operating System: Windows
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-0116 CVE-2019-0115 CVE-2019-0114
CVE-2019-0113
Member content until: Saturday, June 22 2019
OVERVIEW
Intel has discovered vulnerabilities in the following products
- Intel Graphics Driver for Windows
published in 2019.1 QSR Advisory [1]
IMPACT
Intel has provided the folllowing information regarding the
vulnerabilities:
" Intel ID: INTEL-SA-00218
Advisory Category: Software
Impact of vulnerability : Denial of Service
Severity rating : MEDIUM
Original release: 05/14/2019
Last revised: 05/22/2019
Summary:
Multiple potential security vulnerabilities in Intel Graphics Driver for
Windows* may allow denial of service. Intel is releasing software updates to
mitigate these potential vulnerabilities.
Vulnerability Details:
CVEID: CVE-2019-0113
Description: Insufficient bounds checking in Intel(R) Graphics Drivers before
version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069)
may allow an authenticated user to potentially enable a denial of service via
local access.
CVSS Base Score: 3.2 Low
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
CVEID: CVE-2019-0114
Description: A race condition in Intel(R) Graphics Drivers before version
10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow
an authenticated user to potentially enable a denial of service via local
access.
CVSS Base Score: 3.2 Low
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L
CVEID: CVE-2019-0115
Description: Insufficient input validation in KMD module for Intel(R) Graphics
Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka
15.33.x.5069) may allow an authenticated user to potentially enable denial of
service via local access.
CVSS Base Score: 5.9 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
CVEID: CVE-2019-0116
Description: An out of bound read in KMD module for Intel(R) Graphics Driver
before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka
15.33.x.5069) may allow a privileged user to potentially enable denial of
service via local access.
CVSS Base Score: 5.0 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
4 ^ th Generation Intel Core/ Pentium/ Xeon (E3 v3 only) Processor (Haswell)
systems running Windows 7 or Windows 8.1 with Intel Graphics Driver for
Windows* before versions 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069
(aka 15.33.x.5069).
3 ^ rd Generation Intel Core / Pentium/ Celeron/ Xeon (E3 v2 only) Processor
(Ivybridge) systems with Intel Graphics Driver for Windows* before versions
10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069).
Intel Pentium/ Celeron/ Atom Processor (Baytrail) systems with Intel Graphics
Driver for Windows* before versions 10.18.14.5067 (aka 15.36.x.5067) and
10.18.10.5069 (aka 15.33.x.5069)."
MITIGATION
Intel advises:
"Intel recommends updating the Intel Graphics Driver for Windows* to the latest
version.
Updates are available for download at this location:
https://downloadcenter.intel.com/product/80939/Graphics-Drivers "
REFERENCES
[1] Intel Graphics Driver for Windows* 2019.1 QSR Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXOY9e2aOgq3Tt24GAQhEwhAAr4f7mLFuEq7cFKDoH8FNhGN3N0+zVg4j
21/FRtUauUhHV0+K66WcTxqMn/mJ2S2LWmQNLoWDTdMJKhUyyjRS0C1GeaYhv8hC
O61jZ4ftMFPoK2NOBR/rVzY8t4bxZFD8RWaGHXKv1n4S2BtlTF99Q22/E5eU3vLU
CsPac2Dezbtd5FJwMg7NnpbrmBMJTgL5b/xbUd7eiCzS+3QFo9we7Ye5aOmW5t3i
R9wVWKemxgVlLASZTRuEwiC/6V/CXUu1mdJdsyCSN4pXM1gsX16aZK4UQ3/eOaKX
GLESr7jRL4RYnoHikJPKhltPD4GJF5akhfM+DX8p2169nMVNzRaO8iGM7DBWh82J
focH5dsC8MFni4DTvvL/8tkPDjeeMnXFv2uSi+iV/I81UHKEXxcTIyFSg9/TnQUK
gI/B0ZkslPTFvthCJ4eRqjQYaYFikmdUPszX9cX7U8CvkJ7x9anhyubJz+1MhvgL
cqL0hTQTIKS277GksSIJdQft9ro+qA52rCz0C2r7DndzcL5jD3KfV94oiXsVX6C0
OqnesbrkbJWSAI7DnGk1boxTqxmFzBgVo1hTw6/ABx3XF3QBLXvDnmAbuwIqDKry
oFQSAzLFeeQyHMZVMK+ySGphaQF+rHGvmtTRn0oPaZ4L2zQAYy084MU4Ff9nMvgf
O7icNzLhq+E=
=+xvs
-----END PGP SIGNATURE-----