Details of VAR-201911-1759

ID

VAR-201911-1759

CVE

CVE-2019-11111

TITLE

Intel(R) Graphics Driver In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-012130

DESCRIPTION

Pointer corruption in the Unified Shader Compiler in Intel(R) Graphics Drivers before 10.18.14.5074 (aka 15.36.x.5074) may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A code issue vulnerability exists in the Unified Shader Compiler in versions prior to Intel Graphics Drivers 10.18.14.5074. A local attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2019-11111 // JVNDB: JVNDB-2019-012130 // VULHUB: VHN-142725

AFFECTED PRODUCTS

vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	data availability services	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	solidfire baseboard management controller	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	15.36.37.5074	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-012130 // NVD: CVE-2019-11111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11111
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-11111
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201911-600
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142725
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11111
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142725
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-11111
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-11111
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-142725 // JVNDB: JVNDB-2019-012130 // CNNVD: CNNVD-201911-600 // NVD: CVE-2019-11111

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.9

sources: VULHUB: VHN-142725 // JVNDB: JVNDB-2019-012130 // NVD: CVE-2019-11111

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-600

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-600

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012130

PATCH

title:	INTEL-SA-00242	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html	Trust: 0.8
title:	Intel Graphics Drivers Unified Shader Compiler Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105202	Trust: 0.6

sources: JVNDB: JVNDB-2019-012130 // CNNVD: CNNVD-201911-600

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11111	Trust: 2.5
db:	JVN	id:	JVNVU90354904	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-012130	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-600	Trust: 0.7
db:	LENOVO	id:	LEN-28235	Trust: 0.6
db:	VULHUB	id:	VHN-142725	Trust: 0.1

sources: VULHUB: VHN-142725 // JVNDB: JVNDB-2019-012130 // CNNVD: CNNVD-201911-600 // NVD: CVE-2019-11111

REFERENCES

url:	https://security.netapp.com/advisory/ntap-20200320-0005/	Trust: 1.7
url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11111	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11111	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu90354904/	Trust: 0.8
url:	https://support.lenovo.com/us/en/product_security/len-28235	Trust: 0.6

sources: VULHUB: VHN-142725 // JVNDB: JVNDB-2019-012130 // CNNVD: CNNVD-201911-600 // NVD: CVE-2019-11111

SOURCES

db:	VULHUB	id:	VHN-142725
db:	JVNDB	id:	JVNDB-2019-012130
db:	CNNVD	id:	CNNVD-201911-600
db:	NVD	id:	CVE-2019-11111

LAST UPDATE DATE

2024-11-23T19:56:26.378000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142725	date:	2020-03-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-012130	date:	2019-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201911-600	date:	2020-03-24T00:00:00
db:	NVD	id:	CVE-2019-11111	date:	2024-11-21T04:20:33.477

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142725	date:	2019-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2019-012130	date:	2019-11-26T00:00:00
db:	CNNVD	id:	CNNVD-201911-600	date:	2019-11-12T00:00:00
db:	NVD	id:	CVE-2019-11111	date:	2019-11-14T20:15:11.743