Details of VAR-201903-0984

ID

VAR-201903-0984

CVE

CVE-2018-12224

TITLE

Windows for Intel(R) Graphics Driver Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-014766

DESCRIPTION

Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. Windows for Intel(R) Graphics Driver Contains an information disclosure vulnerability.Information may be obtained. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to disclose information. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-12224 // JVNDB: JVNDB-2018-014766 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122162

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.31.4414	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.36.4703	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.34.4624	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.23.4860	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.43.4425	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6136	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.21.4821	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.33.4578	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.19.4678	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.18.4664	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6194	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6229	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.38.4963	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.41.5058	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6025	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.34.4889	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.37.4835	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6094	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.28.4332	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.26.4294	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.46.4885	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6286	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.45.4653	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5057	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5059	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	20.19.x.5063	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	21.20.x.5064	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	24.20.100.6373	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014766 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12224

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12224
value:	LOW
Trust: 1.0
NVD:	CVE-2018-12224
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201903-539
value:	LOW
Trust: 0.6
VULHUB:	VHN-122162
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-12224
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122162
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12224
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122162 // JVNDB: JVNDB-2018-014766 // CNNVD: CNNVD-201903-539 // NVD: CVE-2018-12224

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-122162 // JVNDB: JVNDB-2018-014766 // NVD: CVE-2018-12224

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-539

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-539

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014766

PATCH

title:	INTEL-SA-00189	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Graphics Driver for Windows Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90128	Trust: 0.6

sources: JVNDB: JVNDB-2018-014766 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-539

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12224	Trust: 2.5
db:	LENOVO	id:	LEN-25084	Trust: 1.7
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014766	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-539	Trust: 0.7
db:	NSFOCUS	id:	42996	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0822	Trust: 0.6
db:	VULHUB	id:	VHN-122162	Trust: 0.1

sources: VULHUB: VHN-122162 // JVNDB: JVNDB-2018-014766 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-539 // NVD: CVE-2018-12224

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 2.3
url:	https://support.lenovo.com/us/en/product_security/len-25084	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12224	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12224	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42996	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77106	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-25084	Trust: 0.6

sources: VULHUB: VHN-122162 // JVNDB: JVNDB-2018-014766 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-539 // NVD: CVE-2018-12224

CREDITS

Intel ( http://www.intel.com/ ) ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-539

SOURCES

db:	VULHUB	id:	VHN-122162
db:	JVNDB	id:	JVNDB-2018-014766
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-539
db:	NVD	id:	CVE-2018-12224

LAST UPDATE DATE

2024-11-23T20:48:22.168000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122162	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-014766	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-539	date:	2019-09-26T00:00:00
db:	NVD	id:	CVE-2018-12224	date:	2024-11-21T03:44:48.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122162	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014766	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-539	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12224	date:	2019-03-14T20:29:01.380