Details of VAR-201903-0982

ID

VAR-201903-0982

CVE

CVE-2018-12222

TITLE

Windows for Intel(R) Graphics Driver Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-014764

DESCRIPTION

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access. Windows for Intel(R) Graphics Driver Contains an out-of-bounds vulnerability and an input validation vulnerability.Information may be obtained. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Kernel Mode Driver is one of the kernel mode drivers. A local attacker can exploit this vulnerability to cause an out-of-bounds memory read. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-12222 // JVNDB: JVNDB-2018-014764 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122160

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.31.4414	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.36.4703	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.34.4624	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.23.4860	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.43.4425	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6136	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.21.4821	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.33.4578	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.19.4678	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.18.4664	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6194	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6229	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.38.4963	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.41.5058	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6025	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.34.4889	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.37.4835	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6094	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.28.4332	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.26.4294	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.46.4885	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6286	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.45.4653	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5057	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5059	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	20.19.x.5063	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	21.20.x.5064	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	24.20.100.6373	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014764 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12222
value:	LOW
Trust: 1.0
NVD:	CVE-2018-12222
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201903-533
value:	LOW
Trust: 0.6
VULHUB:	VHN-122160
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-12222
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122160
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12222
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122160 // JVNDB: JVNDB-2018-014764 // CNNVD: CNNVD-201903-533 // NVD: CVE-2018-12222

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.9
problemtype:	CWE-20	Trust: 1.9

sources: VULHUB: VHN-122160 // JVNDB: JVNDB-2018-014764 // NVD: CVE-2018-12222

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-533

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-533

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014764

PATCH

title:	INTEL-SA-00189	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Graphics Driver for Windows Kernel Mode Driver Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90122	Trust: 0.6

sources: JVNDB: JVNDB-2018-014764 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-533

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12222	Trust: 2.5
db:	LENOVO	id:	LEN-25084	Trust: 1.7
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014764	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-533	Trust: 0.7
db:	NSFOCUS	id:	42994	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0822	Trust: 0.6
db:	VULHUB	id:	VHN-122160	Trust: 0.1

sources: VULHUB: VHN-122160 // JVNDB: JVNDB-2018-014764 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-533 // NVD: CVE-2018-12222

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 2.3
url:	https://support.lenovo.com/us/en/product_security/len-25084	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12222	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12222	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42994	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77106	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-25084	Trust: 0.6

sources: VULHUB: VHN-122160 // JVNDB: JVNDB-2018-014764 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-533 // NVD: CVE-2018-12222

CREDITS

Intel ( http://www.intel.com/ ) ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-533

SOURCES

db:	VULHUB	id:	VHN-122160
db:	JVNDB	id:	JVNDB-2018-014764
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-533
db:	NVD	id:	CVE-2018-12222

LAST UPDATE DATE

2024-11-23T20:18:20.025000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122160	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-014764	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-533	date:	2019-09-26T00:00:00
db:	NVD	id:	CVE-2018-12222	date:	2024-11-21T03:44:48.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122160	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014764	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-533	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12222	date:	2019-03-14T20:29:01.333