Six different security fixes released on January 14

Jan 15, 2020 08:43 GMT

Intel has published a total of six advisories for security vulnerabilities impacting its products, including the Intel Processor Graphics on Windows and Linux.

Out of the six security flaws, only one comes with a “high” severity rating. Four of them are rated as “medium,” while the last one has a “low” rating.

The high-severity vulnerability is an escalation of privilege that exists in the Intel VTune Amplifier for Windows, and Intel says the bug was discovered internally by company employees.

To resolve the flaw, users must update Intel VTune Amplifier for Windows to version 8 or newer.

“Improper access control in driver for Intel VTune Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access,” Intel says.

Windows and Linux patches

Both Windows and Linux are exposed due to an information disclosure vulnerability that Intel has discovered in the Processor Graphics drivers.

“Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access,” Intel’s security advisory for CVE-2019-14615 reads.

The 3rd to 10th Generation Intel Core processors, Intel Xeon Processor E3 v2 to v6 Family, E-2100 and E-2200, as well as Intel Atom Processor A, E, X, and Z series and a number of Celeron models are all affected by the vulnerability.

Intel says users must update the Intel Processor Graphics driver for Windows and the i915 Linux Driver to the latest version. However, the company warns that full mitigations aren’t available at this point on Windows for some chips.

“Platforms based on Ivy Bridge, Bay Trail and Haswell do not have full mitigations at this time for the Windows OS. Updating the drivers for these platforms per the recommendation below will substantively reduce the potential attack surface. Intel is working on full mitigations for these platforms and will make them available once they are validated. Linux mitigation for these platforms will be provided for the mainline kernel,” Intel says.

Intel says the bug was originally discovered internally, but a number of third-party researchers also contributed to the report.