Sign-up

ID

VAR-201905-1183


CVE

CVE-2019-0115


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. Intel Graphics Driver Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Driver is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service condition, denying service to legitimate users. Intel Graphics Drivers prior to 15.36.x.5067 and 15.33.x.5069 are vulnerable. KMD is one of the input modules. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 1.98

sources: NVD: CVE-2019-0115 // JVNDB: JVNDB-2019-004715 // BID: 108385 // VULHUB: VHN-140146

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:eqversion:15.36.33.4578

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.31.4414

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.28.4332

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.26.4294

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.46.4885

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.43.4425

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.45.4653

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.34.4889

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.10.5069

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.14.5067

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.x.5057

Trust: 0.3

vendor:intelmodel:graphics driverscope:eqversion:15.33.x.5056

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.36.x.5067

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.33.x.5069

Trust: 0.3

sources: BID: 108385 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004715 // NVD: CVE-2019-0115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0115
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0115
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-755
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140146
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0115
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140146
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0115
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140146 // JVNDB: JVNDB-2019-004715 // CNNVD: CNNVD-201905-755 // NVD: CVE-2019-0115

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-140146 // JVNDB: JVNDB-2019-004715 // NVD: CVE-2019-0115

THREAT TYPE

local

Trust: 0.9

sources: BID: 108385 // CNNVD: CNNVD-201905-755

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201905-755

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00218url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00218.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004715

EXTERNAL IDS
db:NVDid:CVE-2019-0115
Trust: 2.8
db:BIDid:108385
Trust: 2.0
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004715
Trust: 0.8
db:CNNVDid:CNNVD-201905-755
Trust: 0.7
db:LENOVOid:LEN-26295
Trust: 0.6
db:VULHUBid:VHN-140146
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140146 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004715 // 
            
            
            
            CNNVD: CNNVD-201905-755 // 
            
            
            
            NVD: CVE-2019-0115

REFERENCES
url:http://www.securityfocus.com/bid/108385
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0115
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0115
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-26295
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140146 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004715 // 
            
            
            
            CNNVD: CNNVD-201905-755 // 
            
            
            
            NVD: CVE-2019-0115

CREDITS
Konstantin Wurster, and an Intel partner.
Trust: 0.9
sources:
            
            
            BID: 108385 // 
            
            
            
            CNNVD: CNNVD-201905-755

SOURCES
db:VULHUBid:VHN-140146
db:BIDid:108385
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004715
db:CNNVDid:CNNVD-201905-755
db:NVDid:CVE-2019-0115

LAST UPDATE DATE
2024-11-23T19:59:24.849000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140146date:2019-05-21T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004715date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-755date:2019-08-29T00:00:00
db:NVDid:CVE-2019-0115date:2024-11-21T04:16:15.500

SOURCES RELEASE DATE
db:VULHUBid:VHN-140146date:2019-05-17T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004715date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-755date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0115date:2019-05-17T16:29:01.673