Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-12152

Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.

Published

2018-10-10T18:29:03.827

Last Modified

2024-11-21T03:44:39.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	intel	graphics_driver	15.33.43.4425	Yes
Application	intel	graphics_driver	15.33.45.4653	Yes
Application	intel	graphics_driver	15.33.46.4885	Yes
Application	intel	graphics_driver	15.33.47.5059	Yes
Application	intel	graphics_driver	15.36.26.4294	Yes
Application	intel	graphics_driver	15.36.28.4332	Yes
Application	intel	graphics_driver	15.36.31.4414	Yes
Application	intel	graphics_driver	15.36.33.4578	Yes
Application	intel	graphics_driver	15.36.34.4889	Yes
Application	intel	graphics_driver	15.36.35.5057	Yes
Application	intel	graphics_driver	15.40.34.4624	Yes
Application	intel	graphics_driver	15.40.36.4703	Yes
Application	intel	graphics_driver	15.40.37.4835	Yes
Application	intel	graphics_driver	15.40.38.4963	Yes
Application	intel	graphics_driver	15.40.41.5058	Yes

References

http://seclists.org/fulldisclosure/2019/Oct/55 ([email protected])
http://seclists.org/fulldisclosure/2019/Oct/56 ([email protected])
http://www.securityfocus.com/bid/105582 Third Party Advisory, VDB Entry ([email protected])
https://support.apple.com/kb/HT210634 ([email protected])
https://support.apple.com/kb/HT210722 ([email protected])
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html Mitigation, Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2019/Oct/55 (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2019/Oct/56 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/105582 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210634 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT210722 (af854a3a-2127-422b-91ae-364da2661108)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)