CVE-2019-11112

7.8 HIGH

📋 TL;DR

This vulnerability allows an authenticated user to exploit memory corruption in Intel Graphics Kernel Mode Drivers to potentially escalate privileges via local access. It affects systems with Intel Graphics Drivers before specific versions. Attackers could gain higher system privileges than intended.

💻 Affected Systems

Products:
  • Intel Graphics Drivers
Versions: Before 26.20.100.6813 (DCH) or 26.20.100.6812
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Intel integrated or discrete graphics. Requires authenticated user access.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with administrative privileges, allowing installation of malware, data theft, or persistence mechanisms.

🟠

Likely Case

Local privilege escalation allowing authenticated users to gain administrative rights on the affected system.

🟢

If Mitigated

Limited impact if proper access controls and least privilege principles are enforced, though exploitation could still occur.

🌐 Internet-Facing: LOW - Requires local authenticated access, not directly exploitable over network.
🏢 Internal Only: HIGH - Authenticated users could exploit this to gain administrative privileges on their local systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local authenticated access and knowledge of memory corruption exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 26.20.100.6813 (DCH) or 26.20.100.6812 and later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html

Restart Required: Yes

Instructions:

1. Download the latest Intel Graphics Driver from the Intel website.
2. Run the installer.
3. Follow the on-screen instructions.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict local user privileges (Windows)

Apply the least-privilege principle to limit authenticated users' capabilities.

🧯 If You Can't Patch

  • Implement strict access controls and limit local user privileges
  • Monitor systems for unusual privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check Intel Graphics Driver version in Device Manager > Display adapters > Intel Graphics > Driver tab

Check Version:

wmic path win32_pnpsigneddriver where "devicename like '%Intel%Graphics%'" get devicename, driverversion

Verify Fix Applied:

Verify driver version is 26.20.100.6813 or higher (DCH) or 26.20.100.6812 or higher
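
The version check above can be scripted for fleet use. The following PowerShell is an added example, not from Intel or the original page: the function name, the state labels and the sample version strings are constructed for illustration. Because the page gives two fixed versions and no way to tell a DCH package from a non-DCH one, 26.20.100.6812 is reported as a separate state rather than as patched.

```powershell
# Added example: classify Intel graphics driver versions against the fixed
# versions stated on this page (26.20.100.6813 DCH, 26.20.100.6812 non-DCH).
$FixedDch    = [version]'26.20.100.6813'
$FixedNonDch = [version]'26.20.100.6812'

function Get-IntelGfxPatchState {
    # Hypothetical helper name; returns one of four constructed labels.
    param([Parameter(Mandatory)][string]$DriverVersion)

    $parsed = $null
    if (-not [version]::TryParse($DriverVersion, [ref]$parsed)) {
        return 'Unknown'              # unparsable version string, review by hand
    }
    if ($parsed -ge $FixedDch)    { return 'Patched' }
    if ($parsed -ge $FixedNonDch) { return 'PatchedOnlyIfNonDch' }
    return 'Vulnerable'
}

# Constructed sample versions, so the logic can be checked on any machine.
$samples = '25.20.100.6519', '26.20.100.6812', '26.20.100.6813',
           '27.20.100.8681', 'not-a-version'
foreach ($v in $samples) {
    '{0,-16} {1}' -f $v, (Get-IntelGfxPatchState -DriverVersion $v)
}

# Live check on a Windows host: same WMI class and name filter as the
# wmic command on this page, read through CIM.
Get-CimInstance -ClassName Win32_PnPSignedDriver `
                -Filter "DeviceName LIKE '%Intel%Graphics%'" |
    Select-Object DeviceName, DriverVersion,
        @{ Name       = 'State'
           Expression = { Get-IntelGfxPatchState -DriverVersion $_.DriverVersion } }
```

A host reported as PatchedOnlyIfNonDch needs its package type confirmed before it is counted as fixed.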

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Driver loading failures
  • System crash dumps related to graphics driver

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=4672 OR EventID=4688 with privileged account creation from non-admin users
