-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0010
     Intel Processor Graphics driver security update (INTEL-SA-00314)
                              15 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Processor Graphics
Operating System:     Windows
                      Linux variants
Impact/Access:        Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-14615  
Member content until: Friday, February 14 2020

OVERVIEW

        Intel has released updates for the Intel Processor Graphics Drivers
        on Windows and Linux to address an information disclosure vulnerability.
        
        Updates are available for Windows now and a mitigation for Linux
        is targeted for release on approx January 14th. [1]


IMPACT

        Intel has provided the following information about the vulnerability:
        
        "CVEID: CVE-2019-14615
        
        Description: Insufficient control flow in certain data structures for some
        Intel(R) Processors with Intel(R) Processor Graphics may allow an
        unauthenticated user to potentially enable information disclosure via local
        access.
        
        CVSS Base Score: 6.3 Medium
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" [1]


MITIGATION

        "Intel recommends updating Intel Processor Graphics Driver for Windows* and the
        i915 Linux Driver to the latest version (see provided table).
        
        Windows Operating System Driver version
        
          o 26.20.100.7209 or higher
          o 15.45.x.5077 or higher
          o 15.40.x.5107 or higher
          o 15.36.x.5117 or higher
          o 15.33.x.5122 or higher
        
        Updates are available for download at this location: https://
        downloadcenter.intel.com/product/80939/Graphics-Drivers
        
        Linux Operating System
        
        Linux mitigation is targeted to be available on or after January 14, 2020.
        Kernel version information is targeted to be available January 7, 2020.
        
        Kernel version
        
          o Mainline: 5.5-rc6 or later
          o Stable: 5.4.12or later
          o LTS: 4.19.96or later
          o LTS: 4.14.165or later
          o LTS: 4.9.210or later
          o LTS: 4.4.210 or later" [1]


REFERENCES

        [1] Intel Processor Graphics Advisory (INTEL-SA-00314)
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXh51T2aOgq3Tt24GAQhrsQ//Q8arA4ngElfepxLqy3tkJv3OoR1rs/Ec
vEBwIeTY1u0yqL/bVrjzoVqXYrqiPF51oliYsj0ilrEzx+eh5rEDITnZ7GqwDsvK
8gNJxPMFUUommYP0r69UMin557/UIFKxvIlyo/HmLU4QyPrb0I8XJ6vWEC08hI3Y
5bu/PPp0lyd3lpvdtbxDNvfY1uFShxBPyfKIbsekLURihpgKoXYeeRybbXFVII+Y
VziduCpEix4jc0DkjHEX/Lhe3SKTnLtyTWeLbdpppftG0TGhTeRoccm9QrsYMRuZ
ja4wCyful/PZBO7n8/CqlmQs7oXaHT4e/HWuylt8nhb6nlFU7nCv4Zc1uc4Svch1
oQtPPsyYG8zzRAvgdF8ttNbtSUHUU5DrYo3I/S2WDqLI1JauHpWjW8eZsBLhepC0
/yHMcp2U4VSpNY+RzSd/YTU+SbHA8dy6LZ4SL+1UHM5G31l/L+vXGc45VaAWJmj+
UOADch8uYQrvwB8guTpxm4KI34Hy+pcugZNuiW2d5UJEcWCHjDgZ0yAg9StX29Zb
dwxKsdGXXG1+kIchRuRCPcgP4TCQxqUznYUygl8Z4kx69vLQYRX3sa4nzGEzK//l
iy1kikitndlKKtFpay2AzbizgbA3bzNXg174xnasrrIcTxsYX3R7T4pvS7dIBb1z
auwdBIoR0+A=
=yX9/
-----END PGP SIGNATURE-----