A team of network penetration testing experts has reported the discovery of multiple vulnerabilities in various components of Intel, the world’s most popular processor company. It appears that the successful exploitation of these flaws would allow threat actors to generate various risk scenarios for users.
Below are some details of the reported flaws, in addition to their respective identification keys and scores according to the Common Vulnerability Scoring System (CVSS). The first group of reported flaws affects the graphical drivers of the following products:
- Sixth Generation Intel Core Processors
- Seventh generation Intel Core processors
- Eighth Generation Intel Core Processors
- Third Generation Intel Core Processors
- Fourth Generation Intel Core Processors
- Fifth Generation Intel Core Processors
- Ninth Generation Intel Core Processors
- Tenth Generation Intel Core Processors
CVE-2020-0513: A boundary error processing an unverified entry on some Intel graphics drivers would allow a local user to expose the system to multiple risks.
According to network penetration testing experts, malicious hackers can trigger an out-of-bounds write and execute arbitrary code on the target system. The fault received a score of 6.8/10.
CVE-2020-8681: A boundary error processing an unreliable entry in the system driver for some Intel graphics drivers allows local users to deploy malicious actions on vulnerable systems.
Threat actors could trigger an out-of-bounds write scenario and execute arbitrary code on the target system. The fault received a score of 6.8/10.
CVE-2020-0512: An exception not caught on some Intel graphics drivers would allow local hackers to deploy denial of service (DoS) attacks. The fault received a score of 4.8/10.
CVE-2020-8682: A boundary condition on some Intel graphics drivers would allow local hackers to deploy DoS attacks. A threat actor might trigger this condition by generating an out-of-bounds read error.
This low severity flaw received a CVSS score of 4.8/10.
CVE-2020-8683: This flaw exists due to a boundary error in Intel graphics drivers that could be abused to trigger a DoS condition on the target system. This flaw received a score of 4.8/10.
On the other hand, network penetration testing specialists point out that a second set of flaws resides in the following Intel wireless support products:
- Intel WiFi 6 AX201
- Intel WiFi 6 AX200
- Intel Wireless-AC 9560
- Intel Wireless-AC 9462
- Intel Wireless-AC 9461
- Intel Wireless-AC 9260
- Intel Dual Band Wireless-AC 8265
- Intel Dual Band Wireless-AC 8260
- Intel Dual Band Wireless-AC 3168
- Intel Wireless 7265 (Rev D)
- Intel Dual Band Wireless-AC 3165
CVE-2020-0554: A race condition in the affected software installer for Windows would allow local threat actors to scale privileges on the target system, gaining access to sensitive information.
The vulnerability received a score of 6.8/10.
CVE-2020-0555: Incorrect input validation would allow local threat actors to execute a privilege escalation on the target system. The vulnerability received a score of 6.8/10.
CVE-2020-0553: This flaw exists due to a boundary condition, which would allow a local user to access potentially sensitive information by running a specially designed program to trigger an out-of-bounds read and access the content of the compromised memory.
The vulnerability received a score of 2.8/10.
CVE-2019-14620: The flaw exists due to incorrect input validation that could be exploited by a threat actor physically near the target system, allowing it to send Bluetooth packets specially designed to trigger a DoS condition.
This flaw received a score of 4.8/10.
Most of the reported security risks are minor, although it is recommended that affected deployment administrators install the corresponding updates as soon as possible. More details about these flaws can be found on Intel’s official platforms.