Sign-up

ID

VAR-201612-0027


CVE

CVE-2016-5647


TITLE

Windows Intel running on Graphics driver igdkmd64 Service disruption in modules (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-006479

DESCRIPTION

The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request. Intel HD Graphics Windows Kernel Driver is prone to a local arbitrary code-execution vulnerability. A local attacker can exploit this issue to execute arbitrary code or gain elevated privileges. Intel HD Graphics Windows Kernel Driver 10.18.14.4264 is vulnerable

Trust: 2.07

sources: NVD: CVE-2016-5647 // JVNDB: JVNDB-2016-006479 // BID: 91708 // VULHUB: VHN-94466 // VULMON: CVE-2016-5647

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:lteversion:15.33.42.4358

Trust: 1.8

vendor:intelmodel:graphics driverscope:lteversion:15.40.4404

Trust: 1.0

vendor:intelmodel:graphics driverscope:lteversion:15.36.30.4385

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.40

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.33

Trust: 1.0

vendor:intelmodel:graphics driverscope:gteversion:15.36

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.30.4385 for up to 15.36.x

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.40.4404 for up to 15.40.x

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.33.42.4358

Trust: 0.6

vendor:intelmodel:graphics driverscope:eqversion:15.36.30.4385

Trust: 0.6

vendor:intelmodel:graphics driverscope:eqversion:15.40.4404

Trust: 0.6

vendor:intelmodel:hd graphics windows kernel mode driverscope:eqversion:10.18.14.4264

Trust: 0.3

sources: BID: 91708 // JVNDB: JVNDB-2016-006479 // CNNVD: CNNVD-201607-171 // NVD: CVE-2016-5647

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-5647
value: HIGH

Trust: 1.0

NVD: CVE-2016-5647
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201607-171
value: HIGH

Trust: 0.6

VULHUB: VHN-94466
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-5647
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-5647
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-94466
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-5647
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-94466 // VULMON: CVE-2016-5647 // JVNDB: JVNDB-2016-006479 // CNNVD: CNNVD-201607-171 // NVD: CVE-2016-5647

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-94466 // JVNDB: JVNDB-2016-006479 // NVD: CVE-2016-5647

THREAT TYPE

local

Trust: 0.9

sources: BID: 91708 // CNNVD: CNNVD-201607-171

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201607-171

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006479

PATCH
title:Multiple Potential Vulnerabilities in the Intel Graphics Driver for Microsoft Windowsurl:https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00054&languageid=en-fr
Trust: 0.8
title:LEN-7484url:https://support.lenovo.com/jp/ja/product_security/ps500068
Trust: 0.8
title:Intel Graphics Kernel Mode Driver Repair measures for communication function security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62759
Trust: 0.6
title:Threatposturl:https://threatpost.com/intel-patches-local-eop-vulnerability-impacting-windows-7/119248/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-5647 // 
            
            
            
            JVNDB: JVNDB-2016-006479 // 
            
            
            
            CNNVD: CNNVD-201607-171

EXTERNAL IDS
db:NVDid:CVE-2016-5647
Trust: 2.9
db:TALOSid:TALOS-2016-0087
Trust: 2.1
db:BIDid:91708
Trust: 2.1
db:JVNDBid:JVNDB-2016-006479
Trust: 0.8
db:CNNVDid:CNNVD-201607-171
Trust: 0.7
db:SEEBUGid:SSVID-96731
Trust: 0.1
db:VULHUBid:VHN-94466
Trust: 0.1
db:VULMONid:CVE-2016-5647
Trust: 0.1
sources:
            
            
            VULHUB: VHN-94466 // 
            
            
            
            VULMON: CVE-2016-5647 // 
            
            
            
            BID: 91708 // 
            
            
            
            JVNDB: JVNDB-2016-006479 // 
            
            
            
            CNNVD: CNNVD-201607-171 // 
            
            
            
            NVD: CVE-2016-5647

REFERENCES
url:http://www.talosintelligence.com/reports/talos-2016-0087/
Trust: 2.1
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00054&languageid=en-fr
Trust: 2.0
url:http://www.securityfocus.com/bid/91708
Trust: 1.8
url:https://support.lenovo.com/us/en/product_security/ps500068
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5647
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5647
Trust: 0.8
url:http://www.intel.com/content/www/us/en/homepage.html
Trust: 0.3
url:https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00054&languageid=en-fr
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/intel-patches-local-eop-vulnerability-impacting-windows-7/119248/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-94466 // 
            
            
            
            VULMON: CVE-2016-5647 // 
            
            
            
            BID: 91708 // 
            
            
            
            JVNDB: JVNDB-2016-006479 // 
            
            
            
            CNNVD: CNNVD-201607-171 // 
            
            
            
            NVD: CVE-2016-5647

CREDITS
Piotr Bania of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201607-171

SOURCES
db:VULHUBid:VHN-94466
db:VULMONid:CVE-2016-5647
db:BIDid:91708
db:JVNDBid:JVNDB-2016-006479
db:CNNVDid:CNNVD-201607-171
db:NVDid:CVE-2016-5647

LAST UPDATE DATE
2024-11-23T22:45:47.786000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-94466date:2019-05-30T00:00:00
db:VULMONid:CVE-2016-5647date:2019-05-30T00:00:00
db:BIDid:91708date:2016-07-11T00:00:00
db:JVNDBid:JVNDB-2016-006479date:2017-01-05T00:00:00
db:CNNVDid:CNNVD-201607-171date:2019-05-31T00:00:00
db:NVDid:CVE-2016-5647date:2024-11-21T02:54:45.520

SOURCES RELEASE DATE
db:VULHUBid:VHN-94466date:2016-12-13T00:00:00
db:VULMONid:CVE-2016-5647date:2016-12-13T00:00:00
db:BIDid:91708date:2016-07-11T00:00:00
db:JVNDBid:JVNDB-2016-006479date:2017-01-05T00:00:00
db:CNNVDid:CNNVD-201607-171date:2016-07-12T00:00:00
db:NVDid:CVE-2016-5647date:2016-12-13T18:59:00.197