Details of VAR-202003-0340

ID

VAR-202003-0340

CVE

CVE-2020-0565

TITLE

Intel(R) Graphics Driver Vulnerability in uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2020-002971

DESCRIPTION

Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in versions prior to Intel Graphics Drivers 26.20.100.7158. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2020-0565 // JVNDB: JVNDB-2020-002971 // VULHUB: VHN-161999

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	lt	version:	26.20.100.7158	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	26.20.100.7158	Trust: 0.8

sources: JVNDB: JVNDB-2020-002971 // NVD: CVE-2020-0565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0565
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-002971
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202003-533
value:	HIGH
Trust: 0.6
VULHUB:	VHN-161999
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-0565
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-002971
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-161999
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-0565
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-002971
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-161999 // JVNDB: JVNDB-2020-002971 // CNNVD: CNNVD-202003-533 // NVD: CVE-2020-0565

PROBLEMTYPE DATA

problemtype:

CWE-427

Trust: 1.9

sources: VULHUB: VHN-161999 // JVNDB: JVNDB-2020-002971 // NVD: CVE-2020-0565

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-533

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-533

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002971

PATCH

title:	INTEL-SA-00315	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html	Trust: 0.8
title:	Intel Graphics Drivers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112005	Trust: 0.6

sources: JVNDB: JVNDB-2020-002971 // CNNVD: CNNVD-202003-533

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0565	Trust: 2.5
db:	JVN	id:	JVNVU94445466	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-002971	Trust: 0.8
db:	CNNVD	id:	CNNVD-202003-533	Trust: 0.7
db:	LENOVO	id:	LEN-30555	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0871	Trust: 0.6
db:	VULHUB	id:	VHN-161999	Trust: 0.1

sources: VULHUB: VHN-161999 // JVNDB: JVNDB-2020-002971 // CNNVD: CNNVD-202003-533 // NVD: CVE-2020-0565

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200320-0003/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00315.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0565	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0565	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94445466/index.html	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0871/	Trust: 0.6
url:	https://support.lenovo.com/us/en/product_security/len-30555	Trust: 0.6

sources: VULHUB: VHN-161999 // JVNDB: JVNDB-2020-002971 // CNNVD: CNNVD-202003-533 // NVD: CVE-2020-0565

CREDITS

Eran Shimony

Trust: 0.6

sources: CNNVD: CNNVD-202003-533

SOURCES

db:	VULHUB	id:	VHN-161999
db:	JVNDB	id:	JVNDB-2020-002971
db:	CNNVD	id:	CNNVD-202003-533
db:	NVD	id:	CVE-2020-0565

LAST UPDATE DATE

2024-11-23T19:46:36.750000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-161999	date:	2020-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-002971	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-533	date:	2021-05-24T00:00:00
db:	NVD	id:	CVE-2020-0565	date:	2024-11-21T04:53:46.260

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-161999	date:	2020-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2020-002971	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-533	date:	2020-03-10T00:00:00
db:	NVD	id:	CVE-2020-0565	date:	2020-03-12T21:15:14.233