13 November 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0321 INTEL-SA-00260 - Intel Processor Graphics Update Advisory 13 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Core Processor Intel Pentium Processor Intel Celeron Processor Intel Atom Processor Intel Xeon Processor Operating System: Windows Linux variants Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-0154 Member content until: Friday, December 13 2019 Reference: ESB-2019.4247 ESB-2019.4246 OVERVIEW Intel has discovered vulnerabilities in the following products: o Intel Core Processor o Intel Pentium Processor o Intel Celeron Processor o Intel Atom Processor o Intel Xeon Processor  IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "Intel ID: INTEL-SA-00260 Advisory Category: Firmware, Software, Hardware Impact of vulnerability : Denial of Service Severity rating : MEDIUM Original release: 11/12/2019 Last revised: 11/12/2019"  "CVEID: CVE-2019-0154 Description: Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access. CVSS Base Score: 6.5 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"  MITIGATION Intel recommends: "...updating affected products to the latest version..."  REFERENCES  INTEL-SA-00260 - Intel Processor Graphics Update Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html  Intel Processor Graphics Update https://downloadcenter.intel.com/product/80939/Graphics-Drivers AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXcuA3maOgq3Tt24GAQhjXg/+IXnfnHHWCcoz/GYnxqyG0KnF50dOtpiz JDhz73lxJ5Qv/5swjOlcMI6qdJMvY5pRyRpR9wEcTf2Ou1meXlr6MNiALU24IKaO ZPkg1YD2/GE5eIWTlX7RNGikBtp8XF6Yi0NpJAYGFSJguJMz477+Yv5iyk/IpmvJ Hs0+b/eDdshuYU4og5pzER6xivJL+TBvFhLi/qBGIqK1HIn+bnNA6fWZNNQy6F3K eWSM0pEI3L3UZodoDX4t4uT1N9TZeayOXAHOvFF7kHSXxz8CTho79om74FxSs+cj t+7lOkLzCI6xeJzPcGI6zuj8Paj4lLfQ92ujJgTjwr+X5SqVaMzOdTSTeJo+yQKY +Gxm0RhjkJhPyfRLqIbPW+MBQoeuoL+alGC5SutZI9WglSu770/eRF+efJ33hRRd 525q1rhf/IkYFTNjcg2WLA6W+iIOS1LSXrgHyn38HInsrsh0g1CxKUIlj2B0BAM+ odrp/0pXPtqW2MNcjUuQDx3Eckye1XdmeOQwsPzl8vugKnJFPyOQa8LnYFf1XmCz zglKEhsoTjFZ/4dez4I02gZfYPYAe4Yx2LfM9gVX7KMJ/N5B38JXKTPD1RkKRnQu EybrqguTMfdaVTt+YS4kfUWReuLcNLWyQWfJrmEBMR2eeKcfeEd2ZcVtWCn4NwHX 6pcPRFnHryc= =WEh5 -----END PGP SIGNATURE-----