CVE-2024-28954

6.7 MEDIUM

📋 TL;DR

This vulnerability allows authenticated local users to escalate privileges due to incorrect default permissions in Intel Graphics Driver installers. Attackers could gain higher system privileges than intended. This affects systems with vulnerable Intel Graphics Driver versions installed.

💻 Affected Systems

Products:
  • Intel Graphics Drivers
Versions: Specific versions listed in Intel advisory INTEL-SA-01253
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems where vulnerable Intel Graphics Driver versions are installed. Check Intel advisory for exact affected versions.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local authenticated attacker gains SYSTEM/root privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement.

🟠 Likely Case

Local user with standard privileges escalates to administrator/root to install malware, modify system configurations, or access protected data.

🟢 If Mitigated

With proper access controls and least privilege principles, impact is limited to specific driver-related functions rather than full system compromise.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Insider threats or compromised local accounts could exploit this, but requires initial access to the system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local authenticated access. Exploitation likely involves manipulating installer permissions to execute arbitrary code with elevated privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Updated drivers as specified in Intel advisory INTEL-SA-01253

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01253.html

Restart Required: Yes

Instructions:

1. Visit Intel's security advisory INTEL-SA-01253
2. Identify your affected driver version
3. Download and install the updated driver from Intel's official site
4. Restart the system

🔧 Temporary Workarounds

Restrict installer directory permissions (all platforms)

Manually set restrictive permissions on the Intel Graphics Driver installation directories so that unprivileged users cannot modify their contents. Adjust the example paths below to the actual install location on your system.

Windows: icacls "C:\Intel\Graphics" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
Linux: chmod 755 /opt/intel/graphics/ && chown root:root /opt/intel/graphics/

🧯 If You Can't Patch

  • Implement strict least privilege principles for all user accounts
  • Monitor and audit file permission changes in Intel Graphics directories

🔍 How to Verify

Check if Vulnerable:

Check the installed Intel Graphics Driver version against the affected versions listed in Intel advisory INTEL-SA-01253.

Check Version:

Windows: Get-CimInstance Win32_PnPSignedDriver | Where-Object { $_.DeviceName -like '*Intel*Graphics*' } | Select-Object DeviceName, DriverVersion
Linux: modinfo i915 | grep version

Verify Fix Applied:

Verify that the driver version has been updated to the patched version, and check that the installer directory permissions are properly restricted.
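
One way to run the Linux side of that permission check, as an added example that is not from Intel's advisory or from this page's source. The function name `audit_tree` is hypothetical, the expected owner defaults to root to match the workaround above, and the directory to audit is whatever your install actually uses.

```shell
#!/bin/sh
# Added example (not vendor code). Reports entries under DIR that a
# non-privileged user could modify: group- or world-writable, or not owned
# by the expected account. Target state matches the workaround: root, 755.

# audit_tree DIR [OWNER]
#   exit 0 = clean, 1 = findings printed on stdout, 2 = DIR missing
audit_tree() {
    dir=$1
    owner=${2:-root}    # OWNER may be a user name or a numeric uid
    if [ ! -d "$dir" ]; then
        echo "audit_tree: no such directory: $dir" >&2
        return 2
    fi
    findings=$(
        # Symlinks are skipped for the mode test: their own mode bits
        # are not what the kernel enforces.
        find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
        # Anything not owned by the expected account can be rewritten
        # by its owner regardless of mode.
        find "$dir" ! -user "$owner" -print | sed 's/^/OWNER /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Example call (path taken from the workaround; an assumption about
# where the driver files live on your system):
#   audit_tree /opt/intel/graphics root
```

Run it as root so that `find` can read every subdirectory; a non-zero exit status can be fed straight into a scheduled compliance check.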

📡 Detection & Monitoring

Log Indicators:

  • Unexpected permission changes in Intel Graphics directories
  • Process creation from Intel Graphics installer locations with elevated privileges
  • Failed privilege escalation attempts

Network Indicators:

  • None - local privilege escalation only

SIEM Query:

Process creation where (parent_process contains 'intel' OR process_path contains 'intel') AND integrity_level changed
