CVE-2020-12363: Input Validation
First published: Wed Feb 17 2021(Updated: )
A flaw was found in the Linux kernel. Improper input validation in some Intel(R) Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access.
Credit: secure@intel.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.31.1.rt56.1169.el7 | 0:3.10.0-1160.31.1.rt56.1169.el7 |
| redhat/kernel | <0:3.10.0-1160.31.1.el7 | 0:3.10.0-1160.31.1.el7 |
| redhat/kernel-rt | <0:4.18.0-305.rt7.72.el8 | 0:4.18.0-305.rt7.72.el8 |
| redhat/kernel | <0:4.18.0-305.el8 | 0:4.18.0-305.el8 |
| redhat/linux-firmware | <0:20201218-102.git05789708.el8 | 0:20201218-102.git05789708.el8 |
| Intel Graphics Drivers for Windows | <26.20.100.7212 | |
| Intel Graphics Drivers for Windows | <26.20.100.7212 | |
| Linux kernel | <5.5 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c784e5249e773689e38d2bc1749f08b986621a26
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1934409
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1935258
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=c784e5249e773689e38d2bc1749f08b986621a26
- https://access.redhat.com/security/cve/cve-2020-12363
- https://access.redhat.com/errata/RHSA-2021:2314
- https://access.redhat.com/errata/RHSA-2021:2316
- https://bugzilla.redhat.com/show_bug.cgi?id=1930249
- https://www.cve.org/CVERecord?id=CVE-2020-12363 https://nvd.nist.gov/vuln/detail/CVE-2020-12363 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
- https://access.redhat.com/errata/RHSA-2021:1739
- https://access.redhat.com/errata/RHSA-2021:1578
- https://access.redhat.com/errata/RHSA-2021:1620
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-12363?
CVE-2020-12363 has a medium severity level due to potential denial of service vulnerabilities.
How do I fix CVE-2020-12363?
To fix CVE-2020-12363, update the affected Intel Graphics Drivers and Linux kernel versions to the latest recommended patches.
Which systems are affected by CVE-2020-12363?
CVE-2020-12363 affects certain versions of Intel Graphics Drivers for Windows and the Linux kernel versions 3.10.x and 4.18.x.
What kind of flaw is described in CVE-2020-12363?
CVE-2020-12363 is characterized by improper input validation within Intel Graphics Drivers.
Is local access required to exploit CVE-2020-12363?
Yes, a privileged user with local access is required to potentially exploit CVE-2020-12363.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12363
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/description
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- package-manager/redhat
- vendor/intel
- canonical/intel graphics drivers for windows
- vendor/linux
- canonical/linux kernel