Details of VAR-201903-1036

ID

VAR-201903-1036

CVE

CVE-2018-18089

TITLE

Windows for Intel(R) Graphics Driver Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-014761

DESCRIPTION

Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. Windows for Intel(R) Graphics Driver Contains an out-of-bounds vulnerability.Information may be obtained. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. A local attacker could exploit this vulnerability to disclose information. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-18089 // JVNDB: JVNDB-2018-014761 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-128613

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.31.4414	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.36.4703	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.34.4624	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.23.4860	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.43.4425	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6136	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.21.4821	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.33.4578	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.19.4678	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.18.4664	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6194	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6229	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.38.4963	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.41.5058	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6025	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.34.4889	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.37.4835	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6094	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.28.4332	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.26.4294	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.46.4885	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6286	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.45.4653	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5057	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5059	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	20.19.x.5063	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	21.20.x.5064	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	24.20.100.6373	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014761 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-18089

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18089
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-18089
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-541
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-128613
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-18089
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-128613
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18089
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-128613 // JVNDB: JVNDB-2018-014761 // CNNVD: CNNVD-201903-541 // NVD: CVE-2018-18089

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-128613 // JVNDB: JVNDB-2018-014761 // NVD: CVE-2018-18089

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-541

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201903-541

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014761

PATCH

title:	INTEL-SA-00189	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Graphics Driver for Windows Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90130	Trust: 0.6

sources: JVNDB: JVNDB-2018-014761 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-541

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18089	Trust: 2.5
db:	LENOVO	id:	LEN-25084	Trust: 1.7
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014761	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-541	Trust: 0.7
db:	NSFOCUS	id:	42997	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0822	Trust: 0.6
db:	VULHUB	id:	VHN-128613	Trust: 0.1

sources: VULHUB: VHN-128613 // JVNDB: JVNDB-2018-014761 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-541 // NVD: CVE-2018-18089

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 2.3
url:	https://support.lenovo.com/us/en/product_security/len-25084	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18089	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18089	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/42997	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77106	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-25084	Trust: 0.6

sources: VULHUB: VHN-128613 // JVNDB: JVNDB-2018-014761 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-541 // NVD: CVE-2018-18089

CREDITS

Intel ( http://www.intel.com/ ) ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-541

SOURCES

db:	VULHUB	id:	VHN-128613
db:	JVNDB	id:	JVNDB-2018-014761
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-541
db:	NVD	id:	CVE-2018-18089

LAST UPDATE DATE

2024-11-23T21:29:40.285000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-128613	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-014761	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-541	date:	2019-09-26T00:00:00
db:	NVD	id:	CVE-2018-18089	date:	2024-11-21T03:55:27.760

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-128613	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014761	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-541	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-18089	date:	2019-03-14T20:29:01.427