High-Severity Flaws Plague Intel Graphics Drivers

upstart writes in with an IRC submission for Bytram:

High-Severity Flaws Plague Intel Graphics Drivers:

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.

Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.

The graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, Intel stomped out 17 vulnerabilities overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability (CVE-2020-0551), which it ranked as medium severity, that researchers say could allow attackers to steal sensitive data.

The most severe of these is a buffer-overflow vulnerability (CVE-2020-0504) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw "may allow an authenticated user to potentially enable a denial of service via local access," said Intel.

Read more of this story at SoylentNews.