Sign-up

ID

VAR-201904-0759


CVE

CVE-2019-0158


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-002605

DESCRIPTION

Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Graphics Performance Analyzer for Linux is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Graphics Performance Analyzer 2019 R1 are vulnerable. It only needs to provide functions such as graphics analysis and optimization. The vulnerability stems from the lack of effective permission and access control measures in network systems or products

Trust: 1.98

sources: NVD: CVE-2019-0158 // JVNDB: JVNDB-2019-002605 // BID: 107888 // VULHUB: VHN-140189

AFFECTED PRODUCTS

vendor:intelmodel:graphics performance analyzerscope:lteversion:18.4

Trust: 1.0

vendor:intelmodel:broadwellscope:ltversion:u i5 vpro mybdwi5v.86a

Trust: 0.8

vendor:intelmodel:graphics performance analyzerscope:lteversion:for linux 18.4

Trust: 0.8

vendor:intelmodel:media sdkscope:ltversion:2018 r2.1

Trust: 0.8

vendor:intelmodel:microprocessorsscope:eqversion:with virtual memory mapping

Trust: 0.8

vendor:intelmodel:graphics performance analyzer r4scope:eqversion:2018

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r1scope:eqversion:2018

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r4scope:eqversion:2017

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r1scope:eqversion:2017

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r4scope:eqversion:2016

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r1scope:eqversion:2016

Trust: 0.3

vendor:intelmodel:graphics performance analyzer r1scope:neversion:2019

Trust: 0.3

sources: BID: 107888 // JVNDB: JVNDB-2019-002605 // NVD: CVE-2019-0158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0158
value: HIGH

Trust: 1.0

CNNVD: CNNVD-201904-604
value: HIGH

Trust: 0.6

VULHUB: VHN-140189
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-0158
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-140189
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0158
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-140189 // CNNVD: CNNVD-201904-604 // NVD: CVE-2019-0158

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.1

sources: VULHUB: VHN-140189 // NVD: CVE-2019-0158

THREAT TYPE

local

Trust: 0.9

sources: BID: 107888 // CNNVD: CNNVD-201904-604

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201904-604

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-002605

PATCH
title:INTEL-SA-00201url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html
Trust: 0.8
title:INTEL-SA-00236url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html
Trust: 0.8
title:INTEL-SA-00238url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00238.html
Trust: 0.8
title:INTEL-SA-00239url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html
Trust: 0.8
title:Intel Graphics Performance Analyzer for Linux Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91415
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-604

EXTERNAL IDS
db:NVDid:CVE-2019-0158
Trust: 2.8
db:BIDid:107888
Trust: 2.0
db:JVNid:JVNVU90136041
Trust: 0.8
db:JVNDBid:JVNDB-2019-002605
Trust: 0.8
db:CNNVDid:CNNVD-201904-604
Trust: 0.7
db:VULHUBid:VHN-140189
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140189 // 
            
            
            
            BID: 107888 // 
            
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-604 // 
            
            
            
            NVD: CVE-2019-0158

REFERENCES
url:http://www.securityfocus.com/bid/107888
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0158
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0162
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0163
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18094
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0158
Trust: 0.8
url:https://jvn.jp/vu/jvnvu90136041/
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-18094
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0162
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-0163
Trust: 0.8
sources:
            
            
            VULHUB: VHN-140189 // 
            
            
            
            BID: 107888 // 
            
            
            
            JVNDB: JVNDB-2019-002605 // 
            
            
            
            CNNVD: CNNVD-201904-604 // 
            
            
            
            NVD: CVE-2019-0158

CREDITS
Michael Henry
Trust: 0.9
sources:
            
            
            BID: 107888 // 
            
            
            
            CNNVD: CNNVD-201904-604

SOURCES
db:VULHUBid:VHN-140189
db:BIDid:107888
db:JVNDBid:JVNDB-2019-002605
db:CNNVDid:CNNVD-201904-604
db:NVDid:CVE-2019-0158

LAST UPDATE DATE
2024-11-23T22:00:00.127000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140189date:2020-08-24T00:00:00
db:BIDid:107888date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-002605date:2019-09-30T00:00:00
db:CNNVDid:CNNVD-201904-604date:2020-08-25T00:00:00
db:NVDid:CVE-2019-0158date:2024-11-21T04:16:22.457

SOURCES RELEASE DATE
db:VULHUBid:VHN-140189date:2019-04-17T00:00:00
db:BIDid:107888date:2019-04-09T00:00:00
db:JVNDBid:JVNDB-2019-002605date:2019-04-11T00:00:00
db:CNNVDid:CNNVD-201904-604date:2019-04-09T00:00:00
db:NVDid:CVE-2019-0158date:2019-04-17T18:29:00.277