-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT Security Bulletin
Intel Processor Graphics driver security update (INTEL-SA-00314)
15 January 2020
AusCERT Security Bulletin Summary
Product: Intel Processor Graphics
Operating System: Windows
Impact/Access: Access Confidential Data -- Remote with User Interaction
CVE Names: CVE-2019-14615
Member content until: Friday, February 14 2020
Intel has released updates for the Intel Processor Graphics Drivers
on Windows and Linux to address an information disclosure vulnerability.
Updates are available for Windows now and a mitigation for Linux
is targeted for release on approx January 14th. 
Intel has provided the following information about the vulnerability:
Description: Insufficient control flow in certain data structures for some
Intel(R) Processors with Intel(R) Processor Graphics may allow an
unauthenticated user to potentially enable information disclosure via local
CVSS Base Score: 6.3 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N" 
"Intel recommends updating Intel Processor Graphics Driver for Windows* and the
i915 Linux Driver to the latest version (see provided table).
Windows Operating System Driver version
o 126.96.36.19909 or higher
o 15.45.x.5077 or higher
o 15.40.x.5107 or higher
o 15.36.x.5117 or higher
o 15.33.x.5122 or higher
Updates are available for download at this location: https://
Linux Operating System
Linux mitigation is targeted to be available on or after January 14, 2020.
Kernel version information is targeted to be available January 7, 2020.
o Mainline: 5.5-rc6 or later
o Stable: 5.4.12or later
o LTS: 4.19.96or later
o LTS: 4.14.165or later
o LTS: 4.9.210or later
o LTS: 4.4.210 or later" 
 Intel Processor Graphics Advisory (INTEL-SA-00314)
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----