{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-12364", "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "dateUpdated": "2024-08-04T11:56:51.905Z", "dateReserved": "2020-04-28T00:00:00", "datePublished": "2021-02-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel", "dateUpdated": "2023-04-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access."}], "affected": [{"vendor": "n/a", "product": "Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and", "versions": [{"version": "before version 26.20.100.7212 and before version Linux kernel version 5.5", "status": "affected"}]}], "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"}, {"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "denial of service"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:56:51.905Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230401 [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:graphics_drivers:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FB8F3C72-7178-4E24-A785-02DDD5944F76", "versionEndExcluding": "26.20.100.7212", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:graphics_drivers:*:*:*:*:*:*:*:*", "matchCriteriaId": "2956A62E-3790-41A6-B9C4-3200DA977D1F", "versionEndExcluding": "26.20.100.7212", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5835B8E0-83CB-4B09-A21A-3CB59AF41F62", "versionEndExcluding": "5.5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access."}, {"lang": "es", "value": "Una referencia de puntero null en algunos Intel\u00ae Graphics Drivers para Windows* versiones anteriores a 26.20.100.7212 y la versi\u00f3n 5.5 del kernel de Linux, puede permitir a un usuario privilegiado habilitar potencialmente una denegaci\u00f3n de servicio por medio de un acceso local"}], "id": "CVE-2020-12364", "lastModified": "2024-11-21T04:59:35.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-17T14:15:15.233", "references": [{"source": "secure@intel.com", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"}, {"source": "secure@intel.com", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2316", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.31.1.rt56.1169.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-08T00:00:00Z"}, {"advisory": "RHSA-2021:2314", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.31.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-06-08T00:00:00Z"}, {"advisory": "RHSA-2021:1739", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.rt7.72.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1578", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1620", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "linux-firmware-0:20201218-102.git05789708.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}], "bugzilla": {"description": "kernel: Null pointer dereference in some Intel(R) Graphics Drivers", "id": "1930251", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930251"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.", "Null pointer reference in some Intel(R) Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user to potentially enable a denial of service via local access."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2020-12364", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "linux-firmware", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-02-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12364\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"], "statement": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.", "threat_severity": "Moderate"}