Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0149 Intel Graphics Driver for Windows* 2019.1 QSR Advisory 23 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Graphics Driver for Windows Operating System: Windows Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-0116 CVE-2019-0115 CVE-2019-0114 CVE-2019-0113 Member content until: Saturday, June 22 2019 OVERVIEW Intel has discovered vulnerabilities in the following products - Intel Graphics Driver for Windows published in 2019.1 QSR Advisory [1] IMPACT Intel has provided the folllowing information regarding the vulnerabilities: " Intel ID: INTEL-SA-00218 Advisory Category: Software Impact of vulnerability : Denial of Service Severity rating : MEDIUM Original release: 05/14/2019 Last revised: 05/22/2019 Summary: Multiple potential security vulnerabilities in Intel Graphics Driver for Windows* may allow denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2019-0113 Description: Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. CVSS Base Score: 3.2 Low CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L CVEID: CVE-2019-0114 Description: A race condition in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. CVSS Base Score: 3.2 Low CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L CVEID: CVE-2019-0115 Description: Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. CVSS Base Score: 5.9 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H CVEID: CVE-2019-0116 Description: An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access. CVSS Base Score: 5.0 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: 4 ^ th Generation Intel Core/ Pentium/ Xeon (E3 v3 only) Processor (Haswell) systems running Windows 7 or Windows 8.1 with Intel Graphics Driver for Windows* before versions 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069). 3 ^ rd Generation Intel Core / Pentium/ Celeron/ Xeon (E3 v2 only) Processor (Ivybridge) systems with Intel Graphics Driver for Windows* before versions 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069). Intel Pentium/ Celeron/ Atom Processor (Baytrail) systems with Intel Graphics Driver for Windows* before versions 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069)." MITIGATION Intel advises: "Intel recommends updating the Intel Graphics Driver for Windows* to the latest version. Updates are available for download at this location: https://downloadcenter.intel.com/product/80939/Graphics-Drivers " REFERENCES [1] Intel Graphics Driver for Windows* 2019.1 QSR Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXOY9e2aOgq3Tt24GAQhEwhAAr4f7mLFuEq7cFKDoH8FNhGN3N0+zVg4j 21/FRtUauUhHV0+K66WcTxqMn/mJ2S2LWmQNLoWDTdMJKhUyyjRS0C1GeaYhv8hC O61jZ4ftMFPoK2NOBR/rVzY8t4bxZFD8RWaGHXKv1n4S2BtlTF99Q22/E5eU3vLU CsPac2Dezbtd5FJwMg7NnpbrmBMJTgL5b/xbUd7eiCzS+3QFo9we7Ye5aOmW5t3i R9wVWKemxgVlLASZTRuEwiC/6V/CXUu1mdJdsyCSN4pXM1gsX16aZK4UQ3/eOaKX GLESr7jRL4RYnoHikJPKhltPD4GJF5akhfM+DX8p2169nMVNzRaO8iGM7DBWh82J focH5dsC8MFni4DTvvL/8tkPDjeeMnXFv2uSi+iV/I81UHKEXxcTIyFSg9/TnQUK gI/B0ZkslPTFvthCJ4eRqjQYaYFikmdUPszX9cX7U8CvkJ7x9anhyubJz+1MhvgL cqL0hTQTIKS277GksSIJdQft9ro+qA52rCz0C2r7DndzcL5jD3KfV94oiXsVX6C0 OqnesbrkbJWSAI7DnGk1boxTqxmFzBgVo1hTw6/ABx3XF3QBLXvDnmAbuwIqDKry oFQSAzLFeeQyHMZVMK+ySGphaQF+rHGvmtTRn0oPaZ4L2zQAYy084MU4Ff9nMvgf O7icNzLhq+E= =+xvs -----END PGP SIGNATURE-----