Details of VAR-201903-0979

ID

VAR-201903-0979

CVE

CVE-2018-12219

TITLE

Windows for Intel(R) Graphics Driver Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014768

DESCRIPTION

Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access. Windows for Intel(R) Graphics Driver Contains an input validation vulnerability.Information may be obtained. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Service operation interruption (DoS) * Privilege escalation. Kernel Mode Driver is one of the kernel mode drivers. A local attacker could exploit this vulnerability to read memory. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373

Trust: 2.43

sources: NVD: CVE-2018-12219 // JVNDB: JVNDB-2018-014768 // JVNDB: JVNDB-2019-001582 // VULHUB: VHN-122156

AFFECTED PRODUCTS

vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.31.4414	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.36.4703	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.34.4624	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.23.4860	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.43.4425	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6136	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.21.4821	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.33.4578	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.19.4678	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.45.18.4664	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6194	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6229	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.38.4963	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.41.5058	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6025	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.34.4889	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.40.37.4835	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6094	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.28.4332	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.36.26.4294	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.46.4885	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	24.20.100.6286	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	eq	version:	15.33.45.4653	Trust: 1.0
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5057	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	10.18.x.5059	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	20.19.x.5063	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	21.20.x.5064	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	lt	version:	24.20.100.6373	Trust: 0.8
vendor:	intel	model:	accelerated storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	active management technology	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	csme	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	matrix storage manager	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	server platform services	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	sgx sdk	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	trusted execution engine	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	usb 3.0 creator utility	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	intel	scope:	-	version:	-	Trust: 0.8
vendor:	intel	model:	graphics driver	scope:	eq	version:	for windows	Trust: 0.8

sources: JVNDB: JVNDB-2018-014768 // JVNDB: JVNDB-2019-001582 // NVD: CVE-2018-12219

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12219
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-12219
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201903-564
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-122156
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-12219
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-122156
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12219
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-122156 // JVNDB: JVNDB-2018-014768 // CNNVD: CNNVD-201903-564 // NVD: CVE-2018-12219

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-122156 // JVNDB: JVNDB-2018-014768 // NVD: CVE-2018-12219

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201903-564

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-564

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014768

PATCH

title:	INTEL-SA-00189	url:	https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html	Trust: 0.8
title:	INTEL-SA-00231 - Intel Accelerated Storage Manager in RSTe Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00231.html	Trust: 0.8
title:	INTEL-SA-00185 - Intel CSME, Server Platform Services, Trusted Execution Engine and Intel Active Management Technology 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html	Trust: 0.8
title:	INTEL-SA-00189 - Intel Graphics Driver for Windows* 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 0.8
title:	INTEL-SA-00191 - Intel Firmware 2018.4 QSR Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html	Trust: 0.8
title:	INTEL-SA-00216 - Intel Matrix Storage Manager Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00216.html	Trust: 0.8
title:	INTEL-SA-00217 - Intel Software Guard Extensions SDK Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html	Trust: 0.8
title:	INTEL-SA-00229 - Intel USB 3.0 Creator Utility Advisory	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00229.html	Trust: 0.8
title:	Intel Graphics Driver Kernel Mode Driver Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90151	Trust: 0.6

sources: JVNDB: JVNDB-2018-014768 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-564

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12219	Trust: 2.5
db:	LENOVO	id:	LEN-25084	Trust: 1.7
db:	JVN	id:	JVNVU98344681	Trust: 1.6
db:	JVNDB	id:	JVNDB-2019-001582	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-014768	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-564	Trust: 0.7
db:	NSFOCUS	id:	42991	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0822	Trust: 0.6
db:	VULHUB	id:	VHN-122156	Trust: 0.1

sources: VULHUB: VHN-122156 // JVNDB: JVNDB-2018-014768 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-564 // NVD: CVE-2018-12219

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html	Trust: 2.3
url:	https://support.lenovo.com/us/en/product_security/len-25084	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12219	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12219	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681/	Trust: 0.8
url:	https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-001582.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu98344681	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/77106	Trust: 0.6
url:	https://support.lenovo.com/us/zh/solutions/len-25084	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/42991	Trust: 0.6

sources: VULHUB: VHN-122156 // JVNDB: JVNDB-2018-014768 // JVNDB: JVNDB-2019-001582 // CNNVD: CNNVD-201903-564 // NVD: CVE-2018-12219

CREDITS

Intel ( http://www.intel.com/ ) ??

Trust: 0.6

sources: CNNVD: CNNVD-201903-564

SOURCES

db:	VULHUB	id:	VHN-122156
db:	JVNDB	id:	JVNDB-2018-014768
db:	JVNDB	id:	JVNDB-2019-001582
db:	CNNVD	id:	CNNVD-201903-564
db:	NVD	id:	CVE-2018-12219

LAST UPDATE DATE

2024-11-23T19:56:23.454000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-122156	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-014768	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-564	date:	2019-09-26T00:00:00
db:	NVD	id:	CVE-2018-12219	date:	2024-11-21T03:44:48.240

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-122156	date:	2019-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2018-014768	date:	2019-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-001582	date:	2019-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-564	date:	2019-03-14T00:00:00
db:	NVD	id:	CVE-2018-12219	date:	2019-03-14T20:29:01.240