Details of VAR-202008-1128

ID

VAR-202008-1128

CVE

CVE-2020-8681

TITLE

Intel(R) Graphics Drivers Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009487

DESCRIPTION

Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in system drivers in versions prior to Intel Graphics Drivers 15.33.50.5129. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-8681 // JVNDB: JVNDB-2020-009487 // VULHUB: VHN-186806

AFFECTED PRODUCTS

vendor:	intel	model:	graphics drivers	scope:	lt	version:	15.33.50.5129	Trust: 1.0
vendor:	intel	model:	graphics drivers	scope:	eq	version:	15.33.50.5129	Trust: 0.8

sources: JVNDB: JVNDB-2020-009487 // NVD: CVE-2020-8681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8681
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-009487
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-591
value:	HIGH
Trust: 0.6
VULHUB:	VHN-186806
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8681
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-009487
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-186806
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-8681
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-009487
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-186806 // JVNDB: JVNDB-2020-009487 // CNNVD: CNNVD-202008-591 // NVD: CVE-2020-8681

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.9

sources: VULHUB: VHN-186806 // JVNDB: JVNDB-2020-009487 // NVD: CVE-2020-8681

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-591

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-591

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009487

PATCH

title:	INTEL-SA-00369	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html	Trust: 0.8
title:	Intel Graphics Drivers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126066	Trust: 0.6

sources: JVNDB: JVNDB-2020-009487 // CNNVD: CNNVD-202008-591

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8681	Trust: 2.5
db:	JVN	id:	JVNVU99606488	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-009487	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-591	Trust: 0.7
db:	NSFOCUS	id:	49014	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2760	Trust: 0.6
db:	LENOVO	id:	LEN-36229	Trust: 0.6
db:	VULHUB	id:	VHN-186806	Trust: 0.1

sources: VULHUB: VHN-186806 // JVNDB: JVNDB-2020-009487 // CNNVD: CNNVD-202008-591 // NVD: CVE-2020-8681

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00369.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8681	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8681	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu99606488	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-36229	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2760/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/49014	Trust: 0.6

sources: VULHUB: VHN-186806 // JVNDB: JVNDB-2020-009487 // CNNVD: CNNVD-202008-591 // NVD: CVE-2020-8681

CREDITS

Ori Nimron (@orinimron123)

Trust: 0.6

sources: CNNVD: CNNVD-202008-591

SOURCES

db:	VULHUB	id:	VHN-186806
db:	JVNDB	id:	JVNDB-2020-009487
db:	CNNVD	id:	CNNVD-202008-591
db:	NVD	id:	CVE-2020-8681

LAST UPDATE DATE

2024-11-23T21:35:21.498000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-186806	date:	2020-08-19T00:00:00
db:	JVNDB	id:	JVNDB-2020-009487	date:	2020-11-10T06:26:58
db:	CNNVD	id:	CNNVD-202008-591	date:	2022-02-10T00:00:00
db:	NVD	id:	CVE-2020-8681	date:	2024-11-21T05:39:14.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-186806	date:	2020-08-13T00:00:00
db:	JVNDB	id:	JVNDB-2020-009487	date:	2020-11-10T06:26:58
db:	CNNVD	id:	CNNVD-202008-591	date:	2020-08-11T00:00:00
db:	NVD	id:	CVE-2020-8681	date:	2020-08-13T04:15:13.523