Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0010 Intel Processor Graphics driver security update (INTEL-SA-00314) 15 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Processor Graphics Operating System: Windows Linux variants Impact/Access: Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-14615 Member content until: Friday, February 14 2020 OVERVIEW Intel has released updates for the Intel Processor Graphics Drivers on Windows and Linux to address an information disclosure vulnerability. Updates are available for Windows now and a mitigation for Linux is targeted for release on approx January 14th. [1] IMPACT Intel has provided the following information about the vulnerability: "CVEID: CVE-2019-14615 Description: Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. CVSS Base Score: 6.3 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" [1] MITIGATION "Intel recommends updating Intel Processor Graphics Driver for Windows* and the i915 Linux Driver to the latest version (see provided table). Windows Operating System Driver version o 26.20.100.7209 or higher o 15.45.x.5077 or higher o 15.40.x.5107 or higher o 15.36.x.5117 or higher o 15.33.x.5122 or higher Updates are available for download at this location: https:// downloadcenter.intel.com/product/80939/Graphics-Drivers Linux Operating System Linux mitigation is targeted to be available on or after January 14, 2020. Kernel version information is targeted to be available January 7, 2020. Kernel version o Mainline: 5.5-rc6 or later o Stable: 5.4.12or later o LTS: 4.19.96or later o LTS: 4.14.165or later o LTS: 4.9.210or later o LTS: 4.4.210 or later" [1] REFERENCES [1] Intel Processor Graphics Advisory (INTEL-SA-00314) https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXh51T2aOgq3Tt24GAQhrsQ//Q8arA4ngElfepxLqy3tkJv3OoR1rs/Ec vEBwIeTY1u0yqL/bVrjzoVqXYrqiPF51oliYsj0ilrEzx+eh5rEDITnZ7GqwDsvK 8gNJxPMFUUommYP0r69UMin557/UIFKxvIlyo/HmLU4QyPrb0I8XJ6vWEC08hI3Y 5bu/PPp0lyd3lpvdtbxDNvfY1uFShxBPyfKIbsekLURihpgKoXYeeRybbXFVII+Y VziduCpEix4jc0DkjHEX/Lhe3SKTnLtyTWeLbdpppftG0TGhTeRoccm9QrsYMRuZ ja4wCyful/PZBO7n8/CqlmQs7oXaHT4e/HWuylt8nhb6nlFU7nCv4Zc1uc4Svch1 oQtPPsyYG8zzRAvgdF8ttNbtSUHUU5DrYo3I/S2WDqLI1JauHpWjW8eZsBLhepC0 /yHMcp2U4VSpNY+RzSd/YTU+SbHA8dy6LZ4SL+1UHM5G31l/L+vXGc45VaAWJmj+ UOADch8uYQrvwB8guTpxm4KI34Hy+pcugZNuiW2d5UJEcWCHjDgZ0yAg9StX29Zb dwxKsdGXXG1+kIchRuRCPcgP4TCQxqUznYUygl8Z4kx69vLQYRX3sa4nzGEzK//l iy1kikitndlKKtFpay2AzbizgbA3bzNXg174xnasrrIcTxsYX3R7T4pvS7dIBb1z auwdBIoR0+A= =yX9/ -----END PGP SIGNATURE-----