Details of VAR-201903-0999

ID

VAR-201903-0999

CVE

CVE-2018-12218

TITLE

Windows for Intel(R) Graphics Driver Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014767

DESCRIPTION

Unhandled exception in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a memory leak via local access. Windows for Intel(R) Graphics Driver Contains a buffer error vulnerability.Information may be obtained. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. User Mode Driver is one of the user mode drivers. There is a security vulnerability in the User Mode Driver of the Windows-based Intel Graphics Driver. A local attacker could exploit this vulnerability to leak memory. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-12218 // JVNDB: JVNDB-2018-014767 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122155

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.31.4414	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.36.4703	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.34.4624	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.23.4860	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.43.4425	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6136	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.21.4821	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.33.4578	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.19.4678	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.18.4664	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6194	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6229	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.38.4963	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.41.5058	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6025	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.34.4889	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.37.4835	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6094	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.28.4332	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.26.4294	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.46.4885	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6286	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.45.4653	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5057	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5059	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	20.19.x.5063	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	21.20.x.5064	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	24.20.100.6373	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014767 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12218

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12218
value:	LOW
Trust: 1.0
NVD:	CVE-2018-12218
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201903-561
value:	LOW
Trust: 0.6
VULHUB:	VHN-122155
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-12218
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122155
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12218
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122155 // JVNDB: JVNDB-2018-014767 // CNNVD: CNNVD-201903-561 // NVD: CVE-2018-12218

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-122155 // JVNDB: JVNDB-2018-014767 // NVD: CVE-2018-12218

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-561

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-561

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014767

PATCH

title:	INTEL-SA-00189	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Graphics Driver for Windows User Mode Driver Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90148	Trust: 0.6

sources: JVNDB: JVNDB-2018-014767 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-561

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12218	Trust: 2.5
db:	LENOVO	id:	LEN-25084	Trust: 1.7
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014767	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-561	Trust: 0.7
db:	NSFOCUS	id:	43001	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0822	Trust: 0.6
db:	VULHUB	id:	VHN-122155	Trust: 0.1

sources: VULHUB: VHN-122155 // JVNDB: JVNDB-2018-014767 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-561 // NVD: CVE-2018-12218

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 2.3
url:	https://support.lenovo.com/us/en/product_security/len-25084	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12218	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12218	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/77106	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-25084	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43001	Trust: 0.6

sources: VULHUB: VHN-122155 // JVNDB: JVNDB-2018-014767 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-561 // NVD: CVE-2018-12218

CREDITS

Intel ( http://www.intel.com/ ) ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-561

SOURCES

db:	VULHUB	id:	VHN-122155
db:	JVNDB	id:	JVNDB-2018-014767
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-561
db:	NVD	id:	CVE-2018-12218

LAST UPDATE DATE

2024-11-23T20:33:54.086000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122155	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-014767	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-561	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-12218	date:	2024-11-21T03:44:48.120

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122155	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014767	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-561	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12218	date:	2019-03-14T20:29:01.210