Two weeks ago, on January 14th, Intel revealed two new vulnerabilities affecting systems with Intel Graphics Processing Units (GPUs), known as CVE-2020-7053 and CVE-2019-14615. These vulnerabilities were present in the Intel graphics driver (i915) for GNU/Linux systems, and thus having an impact on almost all Linux-based operating systems. CVE-2019-14615 did not let the Linux kernel to properly clear data structures on context switches for some Intel GPUs, which could allow a local attacker to expose sensitive information. On the other hand, CVE-2020-7053 is a race condition that could lead to a use-after-free, destroying GEM contexts in the i915 graphics driver. This could allow a local attacker to crash the system or execute arbitrary code.
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis