CVE-2019-0155

Q: What is the severity of CVE-2019-0155?

CVE-2019-0155 has a CVSS score of 7.8 (HIGH). This vulnerability allows an authenticated user to potentially escalate privileges via local access due to insufficient access control in Intel processor graphics subsystems. It affects multiple Intel processor families and graphics drivers across Windows and Linux systems. Exploitation could lead to unauthorized system control.

7.8 HIGH

📋 TL;DR

This vulnerability allows an authenticated user to potentially escalate privileges via local access due to insufficient access control in Intel processor graphics subsystems. It affects multiple Intel processor families and graphics drivers across Windows and Linux systems. Exploitation could lead to unauthorized system control.

💻 Affected Systems

Products:

Intel Core Processors (6th-9th Gen)
Intel Pentium Processors (J, N, Silver, Gold Series)
Intel Celeron Processors (J, N, G3900, G4900 Series)
Intel Atom Processors (A, E3900 Series)
Intel Xeon Processors (E3-1500 v5/v6, E-2100, E-2200)
Intel Graphics Driver for Windows
i915 Linux Driver for Intel Processor Graphics

Versions: Windows drivers before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077; Linux drivers before 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201

Operating Systems: Windows, Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with Intel integrated graphics using vulnerable driver versions. Requires local authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker gains full system administrator/root privileges, enabling complete system compromise, data theft, and persistence.

🟠

Likely Case

Local authenticated user escalates privileges to gain unauthorized access to sensitive system resources or other user accounts.

🟢

If Mitigated

With proper access controls and patching, impact is limited to denial of service or minimal privilege escalation.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable over network.

🏢 Internal Only: HIGH - Local authenticated users (including compromised accounts) can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local authenticated access and knowledge of the vulnerability. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Windows: 26.20.100.6813 (DCH) or 26.20.100.6812 and 21.20.x.5077 or later; Linux: 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 or later

Vendor Advisory: https://access.redhat.com/errata/RHSA-2019:3841

Restart Required: Yes

Instructions:

1. Identify affected systems using version_check_command. 2. Download updated drivers from Intel or OS vendor. 3. Install updated graphics drivers. 4. Reboot system to apply changes. 5. Verify installation with verification commands.

🔧 Temporary Workarounds

Restrict Local User Access

all

Limit local user accounts and implement least privilege principles to reduce attack surface.

Disable Intel Graphics if Not Needed

all

If system has dedicated graphics and doesn't require Intel integrated graphics, disable it in BIOS/UEFI.

🧯 If You Can't Patch

Implement strict access controls and monitor for privilege escalation attempts
Segment affected systems and limit lateral movement capabilities

🔍 How to Verify

Check if Vulnerable:

Check graphics driver version against affected versions. On Linux: check kernel version with 'uname -r'. On Windows: check driver version in Device Manager under Display adapters.

Check Version:

Linux: 'uname -r'; Windows: 'wmic path win32_pnpentity get caption,driverVersion' or check Device Manager

Verify Fix Applied:

Confirm driver/kernel version is updated to patched versions. Test privilege escalation attempts should fail.

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Failed authorization attempts on graphics subsystem
Driver loading/unloading anomalies

Network Indicators:

None - local exploit only

SIEM Query:

Search for events related to graphics driver access, privilege changes, or unauthorized system calls from non-admin users.

📊 Metadata

CVE ID: CVE-2019-0155

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: November 14, 2019

Last Updated: November 21, 2024

🔗 References

http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Third Party Advisory,VDB Entry
https://access.redhat.com/errata/RHSA-2019:3841 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3887 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3889 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3908 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204 Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/26 Issue Tracking,Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20200320-0005/ Third Party Advisory
https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4186-2/ Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html Vendor Advisory
http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html Third Party Advisory,VDB Entry
https://access.redhat.com/errata/RHSA-2019:3841 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3887 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3889 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3908 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204 Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/26 Issue Tracking,Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20200320-0005/ Third Party Advisory
https://support.f5.com/csp/article/K73659122?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4186-2/ Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Atom X5 E3930 Firmware by Intel

Atom X5 E3940 Firmware by Intel

Atom X7 E3950 Firmware by Intel

Celeron G3900 Firmware by Intel

Celeron G3900e Firmware by Intel

Celeron G3900t Firmware by Intel

Celeron G3900te Firmware by Intel

Celeron G3902e Firmware by Intel

Celeron G3920 Firmware by Intel

Celeron G3930 Firmware by Intel

Celeron G3930e Firmware by Intel

Celeron G3930t Firmware by Intel

Celeron G3930te Firmware by Intel

Celeron G3950 Firmware by Intel

Celeron G4900 Firmware by Intel

Celeron G4900t Firmware by Intel

Celeron G4920 Firmware by Intel

Celeron G4930 Firmware by Intel

Celeron G4930e Firmware by Intel

Celeron G4930t Firmware by Intel

Celeron G4932e Firmware by Intel

Celeron G4950 Firmware by Intel

Celeron J1750 Firmware by Intel

Celeron J1800 Firmware by Intel

Celeron J1850 Firmware by Intel

Celeron J1900 Firmware by Intel

Celeron J3060 Firmware by Intel

Celeron J3160 Firmware by Intel

Celeron J3355 Firmware by Intel

Celeron J3355e Firmware by Intel

Celeron J3455 Firmware by Intel

Celeron J3455 Firmware by Intel

Celeron J4005 Firmware by Intel

Celeron J4025 Firmware by Intel

Celeron J4105 Firmware by Intel

Celeron J4125 Firmware by Intel

Celeron N2805 Firmware by Intel

Celeron N2806 Firmware by Intel

Celeron N2807 Firmware by Intel

Celeron N2808 Firmware by Intel

Celeron N2810 Firmware by Intel

Celeron N2815 Firmware by Intel

Celeron N2820 Firmware by Intel

Celeron N2830 Firmware by Intel

Celeron N2840 Firmware by Intel

Celeron N2910 Firmware by Intel

Celeron N2920 Firmware by Intel

Celeron N2930 Firmware by Intel

Celeron N2940 Firmware by Intel

Celeron N3000 Firmware by Intel

Celeron N3010 Firmware by Intel

Celeron N3050 Firmware by Intel

Celeron N3060 Firmware by Intel

Celeron N3150 Firmware by Intel

Celeron N3160 Firmware by Intel

Celeron N3350 Firmware by Intel

Celeron N3350e Firmware by Intel

Celeron N3450 Firmware by Intel

Celeron N4000 Firmware by Intel

Celeron N4020 Firmware by Intel

Celeron N4100 Firmware by Intel

Celeron N4120 Firmware by Intel

Core I3 1005g1 Firmware by Intel

Core I3 10110u Firmware by Intel

Core I3 10110y Firmware by Intel

Core I3 5005u Firmware by Intel

Core I3 5010u Firmware by Intel

Core I3 5015u Firmware by Intel

Core I3 5020u Firmware by Intel

Core I3 5157u Firmware by Intel

Core I3 6100 Firmware by Intel

Core I3 6100h Firmware by Intel

Core I3 6100u Firmware by Intel

Core I3 6167u Firmware by Intel

Core I3 7100 Firmware by Intel

Core I3 7100h Firmware by Intel

Core I3 7100t Firmware by Intel