Hi,

On Thu, Feb 11, 2021 at 7:39 PM Pavel Machek <pavel@denx.de> wrote:

Hi!

Six new issues this week:
- CVE-2020-12362, CVE-2020-12363, CVE-2020-12364:
CVEs from Intel Advisory affecting Intel Graphics Driver. Details
unknown

It seems there's more for the intel graphics, but it is not mentioned
in our repository. OTOH trailer there that these are rather old
issues, fixed in 5.5...

Looks like CVE-2020-0544 and CVE-2020-0521 are for Windows. Debian lists
them as such [1][2]. Seems the Intel advisory directly refers to Linux
drivers by kernel version. Any other version string likely refers to
the Windows drivers.


ChenYu

[1] https://security-tracker.debian.org/tracker/CVE-2020-0521
[2] https://security-tracker.debian.org/tracker/CVE-2020-0544

Best regards,
Pavel

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html

CVEID: CVE-2020-0544

Description: Insufficient control flow management in the kernel mode
driver for some Intel(R) Graphics Drivers before version 15.36.39.5145
may allow an authenticated user to potentially enable escalation of
privilege via local access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H



CVEID: CVE-2020-0521

Description: Insufficient control flow management in some Intel(R)
Graphics Drivers before version 15.45.32.5145 may allow an
authenticated user to potentially enable escalation of privilege via
local access.

CVSS Base Score: 7.7 High

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

...

Affected Products:
Intel® Graphics Drivers for 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th
Generation Intel® Processors for Windows* 7, 8.1 and 10 before
versions 15.33.51.5146, 15.36.39.5145, 15.40.46.5144, 15.45.32.5164,
26.20.100.8141, 27.20.100.8587 and Intel® Graphics Drivers for Linux
before Linux kernel version 5.5.

Best regards,
Pavel
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany