The latest security information on Intel® products.

Summary: 

Potential security vulnerabilities in some Intel® Graphics Driver software may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

Vulnerability Details: 

CVEID:  CVE-2024-45333

Description: Improper access control for some Intel® Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 7.3 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

CVSS Base Score 4.0: 6.9 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-36292

Description: Improper buffer restrictions for some Intel® Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 7.3 High

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H

CVSS Base Score 4.0: 8.2 High

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:L/SI:N/SA:H

CVEID:  CVE-2024-45371

Description: Improper access control for some Intel® Arc™ & Iris® Xe graphics software before version 32.0.101.6077 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H

CVSS Base Score 4.0: 5.2 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-47800

Description: Uncontrolled search path for some Intel® Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-46895

Description: Uncontrolled search path for some Intel® Arc™ & Iris® Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-28954

Description: Incorrect default permissions for some Intel® Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 6.7 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-29222

Description: Out-of-bounds write for some Intel® Graphics Driver software may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 6.1 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS Base Score 4.0: 5.8 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-39758

Description: Improper access control for some Intel® Arc™ & Iris® Xe graphics software before version 31.0.101.4032 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 5.9 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

CVSS Base Score 4.0: 5.1 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVEID:  CVE-2024-31150

Description: Out-of-bounds read for some Intel® Graphics Driver software may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 3.8 Low

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVSS Base Score 4.0: 4.8 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVEID:  CVE-2024-43101

Description: Improper access control for some Intel® Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 5.3 Medium

CVSS Vector 3.1:  CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

CVSS Base Score 4.0: 5.8 Medium

CVSS Vector 4.0:  CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

Intel® 7th-10th Gen Processor Graphics for Windows driver before version 31.0.101.2130:

• 7th Gen Intel® Core™ processor family
• 8th Gen Intel® Core™ processor family
• 9th Gen Intel® Core™ processor family
• 10th Gen Intel® Core™ processor family
• Intel® Core™ Processor with Intel® Hybrid Technology
• Intel® Atom®, Pentium® and Celeron® processor family
• Intel® Pentium® and Celeron® processor family

Intel® Arc™ & Iris® Xe Graphics for Windows driver before version 32.0.101.6083/32.0.101.5736:

• 11th Gen Intel® Core™ processor family
• 12th Gen Intel® Core™ processor family
• 13th Gen Intel® Core™ processor family
• 14th Gen Intel® Core™ processor family
• Intel® Iris® Xe Dedicated Graphics family
• Intel® Arc® Graphics family
• Intel® Core™ Ultra processor family

Intel® Data Center GPU Flex Series for Windows driver before version 31.0.101.4314:

• Intel® Data Center GPU Flex 140
• Intel® Data Center GPU Flex 170

Intel® Graphics Windows DCH driver software before version 30.0.100.9955.

Intel® 6th Gen Processor Graphics driver, all versions.

Recommendation:

Intel recommends updating Intel® 7th-10th Gen Processor Graphics for Windows software to version 31.0.101.2130 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/776137

Intel recommends updating Intel® Arc™ & Iris® Xe Graphics for Windows driver to version 32.0.101.6083/32.0.101.5736 or later.

Updates are available for download at this location:  

https://www.intel.com/content/www/us/en/download/785597

Intel recommends updating Intel® Data Center GPU Flex Series for Windows driver to version 31.0.101.4314 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/780185

Intel has issued a product discontinuation notice for Intel® 6th Gen Processor Graphics. As of December 30, 2022, the Intel® 6th Gen Processor Graphics software is not supported with any additional functional, security, or other updates. Intel recommends that users discontinue use and migrate to the newer generation product listed in Recommendations as soon as possible.

Product discontinuation notice: Intel® 6th Gen Processor Graphics: https://www.intel.com/content/www/us/en/support/articles/000091662/graphics.html

Acknowledgements:

Intel would like to thank Mohammed (CVE-2024-28954), Aobo Wang of Chaitin Security Research Lab (CVE-2024-39758), @sim0nsecurity (CVE-2024-45371, CVE-2024-46895), houjingyi (CVE-2024-47800) for reporting these issues.  The following issues were also found externally, CVE-2024-29222, CVE-2024-31150.

Intel would like to thank Intel employee Michal Wajdeczko (CVE-2024-36292, CVE-2024-45333) for reporting these issues.  The following issue was also found internally by Intel employees, CVE-2024-43101.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.