SoylentNews

upstart writes in with an IRC submission for Bytram:

High-Severity Flaws Plague Intel Graphics Drivers:

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.

Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.

The graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, Intel stomped out 17 vulnerabilities overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability (CVE-2020-0551), which it ranked as medium severity, that researchers say could allow attackers to steal sensitive data.

The most severe of these is a buffer-overflow vulnerability (CVE-2020-0504) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw "may allow an authenticated user to potentially enable a denial of service via local access," said Intel.

[...] In its Tuesday security advisory, Intel addressed CVE-2020-0551, a new class of transient-execution attacks that exploit microarchitectural flaws to inject attacker data into a program and steal sensitive data and keys from Intel SGX (or Intel Software Guard eXtensions; which is processor technology released in 2015 to create isolated environments in the computer's memory).

"LVI turns previous data extraction attacks around, like Meltdown, Foreshadow, ZombieLoad, RIDL and Fallout, and defeats all existing mitigations," according to researchers who discovered the flaw in a Tuesday post. "Instead of directly leaking data from the victim to the attacker, we proceed in the opposite direction: we smuggle — 'inject' — the attacker's data through hidden processor buffers into a victim program and hijack transient execution to acquire sensitive information, such as the victim's fingerprints or passwords."

[...] Intel also released patches for high-severity flaws affecting its Next Unit Computing (NUC) mini PC firmware (which has been found to be vulnerable to various flaws in the past). These flaws include an improper buffer restriction (CVE-2020-0530) in the NUC firmware that "may allow an authenticated user to potentially enable escalation of privilege via local access," according to Intel. And, an improper input validation in the NUC firmware (CVE-2020-0526) could enable allow a privileged user with local access to enable escalation of privilege. A full list of affected NUC versions can be found here.

Another high-severity vulnerability was address in BlueZ, the pairing communications Bluetooth stack for major Linux distributions that supports Bluetooth protocols and layers. Intel is a leading contributor to the BlueZ project, employing currently all but one of the maintainers. According to Intel, an improper access control flaw in the subsystem of BlueZ (before version 5.53) could allow an unauthenticated user with adjacent access to achieve escalation of privilege and launch DoS attacks.

Finally, Intel fixed a high-severity flaw in its Smart Sound Technology, which provides audio and voice processing to support "voice wake" functions in devices. The vulnerability (CVE-2020-0583) is an improper access control flaw in the subsystem for Intel's Smart Sound Technology, which could allow an authenticated user to potentially enable escalation of privilege via local access. Versions of Smart Sound Technology before the 10th Generation Intel Core i7 Processors, version 3431; and 8th Generation Intel Core Processors, version 3349 are affected; Intel recommends that users update to the latest version provided by the system manufacturer that addresses these issues.

Original Submission