Operating System:

[WIN][LINUX]

Published:

13 November 2019

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ASB-2019.0321 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0321
         INTEL-SA-00260 - Intel Processor Graphics Update Advisory
                             13 November 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Core Processor
                      Intel Pentium Processor
                      Intel Celeron Processor
                      Intel Atom Processor
                      Intel Xeon Processor
Operating System:     Windows
                      Linux variants
Impact/Access:        Denial of Service -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0154  
Member content until: Friday, December 13 2019
Reference:            ESB-2019.4247
                      ESB-2019.4246

OVERVIEW

        Intel has discovered vulnerabilities in the following products:
         o Intel Core Processor
         o Intel Pentium Processor
         o Intel Celeron Processor
         o Intel Atom Processor
         o Intel Xeon Processor [1]


IMPACT

        Intel has provided the folllowing information regarding the 
        vulnerabilities:
        
        "Intel ID:                INTEL-SA-00260
        Advisory Category:        Firmware, Software, Hardware
        Impact of vulnerability : Denial of Service
        Severity rating :         MEDIUM
        Original release:         11/12/2019
        Last revised:             11/12/2019" [1]
        
        "CVEID: CVE-2019-0154
        
        Description: Insufficient access control in subsystem for Intel (R)
        processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) 
        Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, 
        Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 
        and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; 
        Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor 
        Families may allow an authenticated user to potentially enable 
        denial of service via local access.
        
        CVSS Base Score: 6.5 Medium
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" [1]


MITIGATION

        Intel recommends:
        
        "...updating affected products to the latest version[2]..." [1]


REFERENCES

        [1] INTEL-SA-00260 - Intel Processor Graphics Update Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html

        [2] Intel Processor Graphics Update
            https://downloadcenter.intel.com/product/80939/Graphics-Drivers

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXcuA3maOgq3Tt24GAQhjXg/+IXnfnHHWCcoz/GYnxqyG0KnF50dOtpiz
JDhz73lxJ5Qv/5swjOlcMI6qdJMvY5pRyRpR9wEcTf2Ou1meXlr6MNiALU24IKaO
ZPkg1YD2/GE5eIWTlX7RNGikBtp8XF6Yi0NpJAYGFSJguJMz477+Yv5iyk/IpmvJ
Hs0+b/eDdshuYU4og5pzER6xivJL+TBvFhLi/qBGIqK1HIn+bnNA6fWZNNQy6F3K
eWSM0pEI3L3UZodoDX4t4uT1N9TZeayOXAHOvFF7kHSXxz8CTho79om74FxSs+cj
t+7lOkLzCI6xeJzPcGI6zuj8Paj4lLfQ92ujJgTjwr+X5SqVaMzOdTSTeJo+yQKY
+Gxm0RhjkJhPyfRLqIbPW+MBQoeuoL+alGC5SutZI9WglSu770/eRF+efJ33hRRd
525q1rhf/IkYFTNjcg2WLA6W+iIOS1LSXrgHyn38HInsrsh0g1CxKUIlj2B0BAM+
odrp/0pXPtqW2MNcjUuQDx3Eckye1XdmeOQwsPzl8vugKnJFPyOQa8LnYFf1XmCz
zglKEhsoTjFZ/4dez4I02gZfYPYAe4Yx2LfM9gVX7KMJ/N5B38JXKTPD1RkKRnQu
EybrqguTMfdaVTt+YS4kfUWReuLcNLWyQWfJrmEBMR2eeKcfeEd2ZcVtWCn4NwHX
6pcPRFnHryc=
=WEh5
-----END PGP SIGNATURE-----