ID

VAR-201804-1197


CVE

CVE-2018-4138


TITLE

Vulnerability in the NVIDIA graphics driver component of Apple macOS that bypasses memory read restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2018-003713

DESCRIPTION

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. A vulnerability exists in the NVIDIA graphics driver component of Apple macOS that could allow memory read restrictions to be bypassed. An attacker could bypass memory read restrictions through a crafted application. Apple macOS is prone to multiple security vulnerabilities. Attackers can exploit these issues to obtain sensitive information, bypass security restrictions, execute arbitrary code, obtain elevated privileges and perform unauthorized actions; this may aid in launching further attacks. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers.

Trust: 1.98

sources: NVD: CVE-2018-4138 // JVNDB: JVNDB-2018-003713 // BID: 103582 // VULHUB: VHN-134169

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lt, version: 10.13.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.13.3

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: 10.0.4

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: -

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.1.1

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.0

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.3

Trust: 0.6

vendor: apple, model: mac os x, scope: eq, version: 10.0.2

Trust: 0.6

vendor: apple, model: macos, scope: eq, version: 10.13.1

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.3

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13.2

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.13

Trust: 0.3

vendor: apple, model: macos, scope: eq, version: 10.12.6

Trust: 0.3

vendor: apple, model: mac os, scope: eq, version: x10.11.6

Trust: 0.3

vendor: apple, model: macos, scope: ne, version: 10.13.4

Trust: 0.3

sources: BID: 103582 // JVNDB: JVNDB-2018-003713 // CNNVD: CNNVD-201804-168 // NVD: CVE-2018-4138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4138
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4138
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-168
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134169
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4138
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134169
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4138
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134169 // JVNDB: JVNDB-2018-003713 // CNNVD: CNNVD-201804-168 // NVD: CVE-2018-4138

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-134169 // JVNDB: JVNDB-2018-003713 // NVD: CVE-2018-4138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-168

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003713

PATCH

title: HT208692, url: https://support.apple.com/en-us/HT208692

Trust: 0.8

title: HT208692, url: https://support.apple.com/ja-jp/HT208692

Trust: 0.8

title: Apple macOS High Sierra NVIDIA Graphics Drivers Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83020

Trust: 0.6

sources: JVNDB: JVNDB-2018-003713 // CNNVD: CNNVD-201804-168

EXTERNAL IDS

db: NVD, id: CVE-2018-4138

Trust: 2.8

db: BID, id: 103582

Trust: 1.4

db: SECTRACK, id: 1040608

Trust: 1.1

db: JVN, id: JVNVU92378299

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003713

Trust: 0.8

db: CNNVD, id: CNNVD-201804-168

Trust: 0.7

db: VULHUB, id: VHN-134169

Trust: 0.1

sources: VULHUB: VHN-134169 // BID: 103582 // JVNDB: JVNDB-2018-003713 // CNNVD: CNNVD-201804-168 // NVD: CVE-2018-4138

REFERENCES

url:https://support.apple.com/ht208692

Trust: 1.7

url:http://www.securityfocus.com/bid/103582

Trust: 1.1

url:http://www.securitytracker.com/id/1040608

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4138

Trust: 0.8

url:http://jvn.jp/vu/jvnvu92378299/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4138

Trust: 0.8

url:https://www.apple.com/

Trust: 0.3

url:https://support.apple.com/en-ie/ht208692

Trust: 0.3

sources: VULHUB: VHN-134169 // BID: 103582 // JVNDB: JVNDB-2018-003713 // CNNVD: CNNVD-201804-168 // NVD: CVE-2018-4138

CREDITS

David J Beitey (@davidjb_), Geoffrey Bugniot, Simon Hosie, an anonymous researcher, Kamatham Chaitanya of ShiftLeft Inc., Haik Aftandilian of Mozilla, Axis and pjf of IceSword Lab of Qihoo 360, Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc., Jonas Jens

Trust: 0.3

sources: BID: 103582

SOURCES

db: VULHUB, id: VHN-134169
db: BID, id: 103582
db: JVNDB, id: JVNDB-2018-003713
db: CNNVD, id: CNNVD-201804-168
db: NVD, id: CVE-2018-4138

LAST UPDATE DATE

2024-11-23T19:33:28.715000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-134169, date: 2018-04-27T00:00:00
db: BID, id: 103582, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2018-003713, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-168, date: 2018-04-09T00:00:00
db: NVD, id: CVE-2018-4138, date: 2024-11-21T04:06:50.367

SOURCES RELEASE DATE

db: VULHUB, id: VHN-134169, date: 2018-04-03T00:00:00
db: BID, id: 103582, date: 2018-03-29T00:00:00
db: JVNDB, id: JVNDB-2018-003713, date: 2018-06-01T00:00:00
db: CNNVD, id: CNNVD-201804-168, date: 2018-04-03T00:00:00
db: NVD, id: CVE-2018-4138, date: 2018-04-03T06:29:06.313