Out-of-Bounds Write Vulnerability in Intel Graphics Drivers
CVE-2023-28401

7.8HIGH

Key Information:

Vendor: Intel
Status: Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-28401?

An out-of-bounds write vulnerability exists in specific Intel Arc and Iris Xe Graphics drivers prior to version 31.0.101.4255. This flaw may allow an authenticated user to exploit local access to potentially escalate privileges within Windows. The weakness arises from improper handling of memory bounds, leading to unintended consequences that could be leveraged to compromise system security.

Affected Version(s)

Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255

References

https://www.intel.com/content/www/us/en/security-center/a...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Mar 22, 2023