Sign-up

ID

VAR-201903-0980


CVE

CVE-2018-12220


TITLE

Windows for Intel(R) Graphics Driver Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014762

DESCRIPTION

Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access. Windows for Intel(R) Graphics Driver Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Intel Graphics Driver for Windows is a graphics card driver for Windows platform developed by Intel Corporation. Kernel Mode Driver is one of the kernel mode drivers. There is a security hole in the Kernel Mode Driver in the Windows-based Intel Graphics Driver. A local attacker could exploit this vulnerability to execute arbitrary code. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-12220 // JVNDB: JVNDB-2018-014762 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122158

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:eqversion:15.36.31.4414

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.40.36.4703

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.40.34.4624

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.45.23.4860

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.43.4425

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6136

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.45.21.4821

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.33.4578

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.45.19.4678

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.45.18.4664

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6194

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6229

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.40.38.4963

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.40.41.5058

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6025

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.34.4889

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.40.37.4835

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6094

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.28.4332

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.26.4294

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.46.4885

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:24.20.100.6286

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.45.4653

Trust: 1.0

vendor:intelmodel:graphics driverscope:ltversion:10.18.x.5057

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.x.5059

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:20.19.x.5063

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:21.20.x.5064

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:24.20.100.6373

Trust: 0.8

vendor:intelmodel:accelerated storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:csmescope: - version: -

Trust: 0.8

vendor:intelmodel:matrix storage managerscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:sgx sdkscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:usb 3.0 creator utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:for windows

Trust: 0.8

sources: JVNDB: JVNDB-2018-014762 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12220
value: HIGH

Trust: 1.0

NVD: CVE-2018-12220
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201903-545
value: HIGH

Trust: 0.6

VULHUB: VHN-122158
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-12220
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122158
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12220
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 6.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122158 // JVNDB: JVNDB-2018-014762 // CNNVD: CNNVD-201903-545 // NVD: CVE-2018-12220

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-122158 // JVNDB: JVNDB-2018-014762 // NVD: CVE-2018-12220

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-545

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201903-545

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014762

PATCH
title:INTEL-SA-00189url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html
Trust: 0.8
title:INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html
Trust: 0.8
title:INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
Trust: 0.8
title:INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 0.8
title:INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
Trust: 0.8
title:INTEL-SA-00216 - Intel Matrix Storage Manager Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html
Trust: 0.8
title:INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
Trust: 0.8
title:INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html
Trust: 0.8
title:Intel Graphics Driver for Windows Kernel Mode Driver Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90134
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014762 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-545

EXTERNAL IDS
db:NVDid:CVE-2018-12220
Trust: 2.5
db:LENOVOid:LEN-25084
Trust: 1.7
db:JVNid:JVNVU98344681
Trust: 1.6
db:JVNDBid:JVNDB-2019-001582
Trust: 1.6
db:JVNDBid:JVNDB-2018-014762
Trust: 0.8
db:CNNVDid:CNNVD-201903-545
Trust: 0.7
db:NSFOCUSid:42992
Trust: 0.6
db:AUSCERTid:ESB-2019.0822
Trust: 0.6
db:VULHUBid:VHN-122158
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122158 // 
            
            
            
            JVNDB: JVNDB-2018-014762 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-545 // 
            
            
            
            NVD: CVE-2018-12220

REFERENCES
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
Trust: 2.3
url:https://support.lenovo.com/us/en/product_security/len-25084
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-12220
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12220
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html
Trust: 0.8
url:https://jvn.jp/vu/jvnvu98344681
Trust: 0.8
url:https://www.auscert.org.au/bulletins/77106
Trust: 0.6
url:https://support.lenovo.com/us/zh/solutions/len-25084
Trust: 0.6
url:http://www.nsfocus.net/vulndb/42992
Trust: 0.6
sources:
            
            
            VULHUB: VHN-122158 // 
            
            
            
            JVNDB: JVNDB-2018-014762 // 
            
            
            
            JVNDB: JVNDB-2019-001582 // 
            
            
            
            CNNVD: CNNVD-201903-545 // 
            
            
            
            NVD: CVE-2018-12220

CREDITS
Intel ( http://www.intel.com/ )  ??
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201903-545

SOURCES
db:VULHUBid:VHN-122158
db:JVNDBid:JVNDB-2018-014762
db:JVNDBid:JVNDB-2019-001582
db:CNNVDid:CNNVD-201903-545
db:NVDid:CVE-2018-12220

LAST UPDATE DATE
2024-11-23T20:58:32.954000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122158date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-014762date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-545date:2019-10-23T00:00:00
db:NVDid:CVE-2018-12220date:2024-11-21T03:44:48.360

SOURCES RELEASE DATE
db:VULHUBid:VHN-122158date:2019-03-14T00:00:00
db:JVNDBid:JVNDB-2018-014762date:2019-04-10T00:00:00
db:JVNDBid:JVNDB-2019-001582date:2019-03-15T00:00:00
db:CNNVDid:CNNVD-201903-545date:2019-03-14T00:00:00
db:NVDid:CVE-2018-12220date:2019-03-14T20:29:01.270