Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

Serious vulnerability found in Intel device driver.

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.

Serious vulnerability found in Intel device driver.

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns.

Eclypsium revealed in August that its researchers had identified serious vulnerabilities in more than 40 device drivers from 20 vendors, including AMI, ASRock, ASUS, ATI, Biostar, EVGA, Getac, Gigabyte, Huawei, Insyde, Intel, MSI, NVIDIA, Phoenix Technologies, Realtek, SuperMicro and Toshiba.

The flaws uncovered by the company can be exploited by a piece of malware to escalate privileges to kernel mode, allowing it to gain control over both the operating system and hardware and firmware interfaces.

Of all the vendors notified by Eclypsium until August, only Intel and Huawei released patches and advisories, and Phoenix and Insyde provided fixes to their OEM customers.

Eclypsium now says Intel this week also released patches for a vulnerability in its PMx Driver (PMxDrv). The security flaw affecting the PMx driver poses a serious risk due to the fact that the driver can read and write to physical memory, to model specific registers, control registers, IDT and GDT descriptor tables, and to debug registers. The driver can also gain I/O and PCI access.

“This level of access can provide an attacker with near-omnipotent control over a victim device,” Eclypsium warned in a blog post published on Tuesday.

The PMx driver, Eclypsium says, is “one of the most capable, feature-rich, and most common drivers we have seen to date.” The company explained that the driver is delivered by Intel with a tool provided to OEM vendors and their customers for updating a device’s BIOS, and it was also provided to customers as part of a toolset released in response to the discovery of some vulnerabilities in Intel technology.

One way to prevent attacks exploiting these types of vulnerabilities involves the use of Microsoft’s hypervisor-protected code integrity (HVCI) technology, which should protect the operating system kernel. However, the technology only works with newer processors.

Eclypsium says the best option for preventing attacks involves blocking or blacklisting problematic drivers. For example, Insyde, one of the companies whose drivers were found to be vulnerable, reached out to Microsoft and asked the tech giant to block affected versions of the driver via Windows Defender. According to Eclypsium, Insyde is the only vendor to have taken this step.

Related: Hackers Can Plant Backdoors on Bare Metal Cloud Servers

Related: Servers Can Be Bricked Remotely via BMC Attack

Related: BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.