CVE-2020-12362: Integer Overflow
First published: Wed Feb 17 2021(Updated: )
A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.41.2.el6 | 0:2.6.32-754.41.2.el6 |
| redhat/kernel-rt | <0:3.10.0-1160.31.1.rt56.1169.el7 | 0:3.10.0-1160.31.1.rt56.1169.el7 |
| redhat/kernel | <0:3.10.0-1160.31.1.el7 | 0:3.10.0-1160.31.1.el7 |
| redhat/kernel | <0:3.10.0-514.89.1.el7 | 0:3.10.0-514.89.1.el7 |
| redhat/kernel | <0:3.10.0-693.87.1.el7 | 0:3.10.0-693.87.1.el7 |
| redhat/kernel | <0:3.10.0-957.76.1.el7 | 0:3.10.0-957.76.1.el7 |
| redhat/kernel | <0:3.10.0-1062.51.1.el7 | 0:3.10.0-1062.51.1.el7 |
| redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
| redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
| redhat/linux-firmware | <0:20201218-102.git05789708.el8 | 0:20201218-102.git05789708.el8 |
| redhat/kernel | <0:4.18.0-147.48.1.el8_1 | 0:4.18.0-147.48.1.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.56.1.rt13.106.el8_2 | 0:4.18.0-193.56.1.rt13.106.el8_2 |
| redhat/kernel | <0:4.18.0-193.56.1.el8_2 | 0:4.18.0-193.56.1.el8_2 |
| Intel Graphics Drivers for Windows | <26.20.100.7212 | |
| Intel Graphics Drivers for Windows | <26.20.100.7212 | |
| Linux kernel | <5.5 |
Remedy
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1930247
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c784e5249e773689e38d2bc1749f08b986621a26
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1934418
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1773173&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1773173&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1774212&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1774212&action=edit
- https://access.redhat.com/errata/RHSA-2021:1578
- https://access.redhat.com/errata/RHSA-2021:1620
- https://access.redhat.com/errata/RHSA-2021:1739
- https://access.redhat.com/security/cve/cve-2020-12362
- https://access.redhat.com/errata/RHSA-2021:2106
- https://access.redhat.com/errata/RHSA-2021:2164
- https://access.redhat.com/errata/RHSA-2021:2190
- https://access.redhat.com/errata/RHSA-2021:2185
- https://access.redhat.com/errata/RHSA-2021:2293
- https://access.redhat.com/errata/RHSA-2021:2314
- https://access.redhat.com/errata/RHSA-2021:2316
- https://access.redhat.com/errata/RHSA-2021:2355
- https://access.redhat.com/errata/RHSA-2021:2523
- https://access.redhat.com/errata/RHSA-2021:2735
- https://bugzilla.redhat.com/show_bug.cgi?id=1930246
- https://www.cve.org/CVERecord?id=CVE-2020-12362 https://nvd.nist.gov/vuln/detail/CVE-2020-12362
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2020-12362?
CVE-2020-12362 is an integer overflow vulnerability in the firmware for some Intel(R) Graphics Drivers for Windows.
What is the severity of CVE-2020-12362?
CVE-2020-12362 has a severity rating of 7.8 (high).
How does CVE-2020-12362 affect data confidentiality and integrity?
CVE-2020-12362 poses a threat to both data confidentiality and integrity.
What is the remedy for CVE-2020-12362?
To fix CVE-2020-12362, update the affected Intel(R) Graphics Drivers to version 26.20.100.7212 or newer.
Where can I find more information about CVE-2020-12362?
You can find more information about CVE-2020-12362 in the advisory published by Intel and the bugzilla report.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/references
- agent/remedy
- agent/severity
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12362
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/intel
- canonical/intel graphics drivers for windows
- vendor/linux
- canonical/linux kernel