INTEL GRAPHICS DRIVER VULNERABILITIES AND LOAD VALUE INJECTION

 In Threat Horizon

Priority: High

Executive Summary: Intel have released an advisory detailing 17 vulnerabilities in their Windows graphics drivers [1]. These would allow an attacker to perform privilege escalation, perform a denial of service (DoS) attack and/or enable information disclosure. These vulnerabilities exist due to various issues in the graphics drivers, including buffer overflow flaws and improper access control. To exploit any of these vulnerabilities, local access is still required. Intel have released updates for their affected products, and it is recommended that these updates are installed as soon as possible.

In addition, Intel have also produced an advisory for a vulnerability in some of their processors [2]. An exploit technique was discovered by security researchers who were also involved in uncovering the Meltdown and Spectre vulnerabilities, and works as a “reverse-Meltdown” attack; where Meltdown was used to pull data from memory, it can also be used to insert data [3]. This is being referred to as a ‘Load Value Injection’ (LVI) attack. The vulnerability has been given a CVSS base score rating of ‘Medium’, as the attack only allows information disclosure and is considered reasonably complicated to execute. It is believed to be more of an issue if used against Intel Software Guard Extensions (SGX) which Intel have released updates for to mitigate against the issue.

In both cases, organisations are advised to update their affected systems as soon as possible, to ensure they are protected against these vulnerabilities before attackers begin to utilise them.

Detect: As these are flaws in Intel graphics drivers and Intel processors it will be necessary to investigate which devices use the relevant hardware.

Affected Products: Intel Graphics Drivers for 3rd through to 10th Generation Intel Processors for Windows 7, 8.1, and 10 before versions 15.40.44.5107, 15.45.29.5103, 26.20.100.7584, 15.33.49.5100 and 15.36.38.5117 are affected by the graphics drivers vulnerabilities.

A list of devices affected by LVI can be found in the following link:
https://software.intel.com/security-software-guidance/processors-affected-transient-execution-attack-mitigation-product-cpu-model

Prevent:
Intel have released updates for Intel graphics drivers which can be downloaded from the below link:
https://downloadcenter.intel.com/search?keyword=intel+graphics

To prevent against being impacted by the LVI exploit Intel have released updates to the SGX Platform Software and SDK. The updated versions can be downloaded from the links below:
The latest Windows SGX PSW and SDK: https://registrationcenter.intel.com/en/forms/?productid=2614
The latest Linux SGX PSW and SDK: https://01.org/intel-software-guard-extensions/downloads

React: Updates should be applied to the affected systems as soon as possible to ensure your organisation is protected against these vulnerabilities before attackers begin to utilise them.

Sources:
[1] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html
[2] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html
[3] https://www.theregister.co.uk/2020/03/10/lvi_intel_cpu_attack/

Author: George Thomas

Recent Posts

Leave a Comment

Tel:
+44 (0) 20 7517 3900