
CVE-2019-0155 is about user-space writes to the blitter command streamer that could allow an unprivileged user to elevate their privileges on the system.
CVE-2019-0154 is the other vulnerability and that could result in an unprivileged user being able to cause a denial of service by reading select memory regions when the graphics hardware is in certain low-power configurations.
The Linux kernel has merged the MMIO register read hang and blitter command streamer unrestricted memory accesses issues. Updated graphics firmware is also being made available. These issues appear to affect at least Gen8 and Gen9 graphics hardware (Broadwell through pre-Cannonlake/Icelake). The commit message spells out these two Intel graphics driver vulnerabilities in more detail.
Add A Comment