Intel's releases fixes for six 'high severity' graphics driver security flaws among 17 Patch Tuesday updates

Serious security flaws in Intels' Windows graphics drivers could compromise PCs

Intel has released its March 2020 security updates, covering several products, including graphics drivers, processors, field-programmable gate arrays (FPGAs), and other components.

But the most eye-catching fixes were for six high-severity vulnerabilities affecting Intel ' s Windows graphics drivers. If exploited, these flaws could enable attackers to launch denial of service (DoS) attacks, steal sensitive information from the machine, and have escalated privileges.

The most severe of the vulnerabilities is CVE-2020-0504, which has been assigned a CVSS score of 8.4 out of 10. This buffer-overflow bug impacts Intel graphic drivers with versions prior to 26.20.100.7158, 15.40.44.5107, and 15.45.30.5103. The flaw, if exploited, could allow an authenticated attacker with local access to potentially launch a DOS attack.

CVE-2020-0501 is another buffer overflow vulnerability addressed in Intel graphics driver (prior to version 26.20.100.6912). This bug could also enable an authenticated user to open a DOS attack via local access.

CVE-2020-0519 and CVE-2020-0516 are two high-severity improper access control bugs that Intel has addressed in its graphics drivers. These bugs, if successfully exploited, could allow an authenticated user with local access to have escalated privileges or allow them to launch a DoS attack.

Intel, in total, addressed 17 vulnerabilities in its graphics drivers on Tuesday.

Separately, Intel also addressed a Meltdown-style, load value injection (LVI) flaw, which impacts some of its processors utilising speculative execution and could allow an attacker to steal sensitive data via a side channel with local access.

LVI is described as "a new class of transient-execution attacks" that attempt to exploit "microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data".

LVI is usually "much harder to mitigate than previous attacks, as it can affect virtually any access to memory".

The LVI flaw patched by Intel is indexed as CVE-2020-0551 and is ranked as a medium-severity flaw.

Intel's FPGA PAC N-3000 card received patches for two CVE-listed flaws. One of these flaws allows denial-of-service while another allows elevation-of-privilege for an attacker.

The Optane DC Persistent Memory Management Software received fix for a single vulnerability which could also potentially enable an attacker to launch a DoS attack or enjoy elevation of privilege.