Описание
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue. Due to the full fix (combination of kernel and firmware updates) being invasive and GUC firmware loading is off by default, Red Hat Enterprise Linux kernel versions prior to the Linux kernel version shipped with Red Hat Enterprise Linux 8.4 GA (kernel-4.18.0-305.el8) print a warning in the kernel log ("GUC firmware is insecure - CVE 2020-12362 - Please update to a newer release to get secure GUC") and do not rely on the firmware fix. As a result, Red Hat Enterprise Linux versions prior Red Hat Enterprise Linux 8.4 GA (including Red Hat Enterprise Linux 6 and 7) do not include the updated firmware packages.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | linux-firmware | Will not fix | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 9 | linux-firmware | Not affected | ||
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | kernel | Fixed | RHSA-2021:2735 | 20.07.2021 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2021:2316 | 08.06.2021 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2021:2314 | 08.06.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2021:2293 | 08.06.2021 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2021:2164 | 01.06.2021 |
| Red Hat Enterprise Linux 7.4 Telco Extended Update Support | kernel | Fixed | RHSA-2021:2164 | 01.06.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...
Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.
Уязвимость драйвера графических систем Intel Graphics Drivers для Windows, вызванная целочисленным переполнением, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3