Potential security vulnerabilities in some Intel® Graphics Drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.
Description: Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 220.127.116.1166 may allow authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description: Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 18.104.22.16816 may allow an authenticated user to potentially enable denial of service via local access.
CVSS Base Score: 6.4 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
Intel® Iris® Xe MAX Dedicated Graphics Drivers for Windows 10 before version 22.214.171.12466.
Intel® Graphics DCH Drivers for Windows 10 before version 126.96.36.19916.
Intel® Graphics non DCH Drivers for Windows 10 before version 100.9416.
Intel recommends updating the affected Intel® Graphics Drivers to the latest versions.
Update is available for download at this location:
Intel would like to thank Andrew Hess (any1) for reporting CVE-2021-012, Eran Shimony of CyebrArk for reporting CVE-2021-0120.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.