Sign-up

ID

VAR-201905-1181


CVE

CVE-2019-0113


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. Intel Graphics Driver Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Driver is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service condition, denying service to legitimate users. Intel Graphics Drivers prior to 15.36.x.5067 and 15.33.x.5069 are vulnerable. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.98

sources: NVD: CVE-2019-0113 // JVNDB: JVNDB-2019-004713 // BID: 108385 // VULHUB: VHN-140144

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:eqversion:15.36.33.4578

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.31.4414

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.28.4332

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.26.4294

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.46.4885

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.43.4425

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.45.4653

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.34.4889

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.10.5069

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.14.5067

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.x.5057

Trust: 0.3

vendor:intelmodel:graphics driverscope:eqversion:15.33.x.5056

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.36.x.5067

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.33.x.5069

Trust: 0.3

sources: BID: 108385 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004713 // NVD: CVE-2019-0113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0113
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0113
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-750
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140144
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0113
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140144
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0113
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140144 // JVNDB: JVNDB-2019-004713 // CNNVD: CNNVD-201905-750 // NVD: CVE-2019-0113

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-140144 // JVNDB: JVNDB-2019-004713 // NVD: CVE-2019-0113

THREAT TYPE

local

Trust: 0.9

sources: BID: 108385 // CNNVD: CNNVD-201905-750

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-750

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00218url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00218.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004713

EXTERNAL IDS
db:NVDid:CVE-2019-0113
Trust: 2.8
db:BIDid:108385
Trust: 2.0
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004713
Trust: 0.8
db:CNNVDid:CNNVD-201905-750
Trust: 0.7
db:LENOVOid:LEN-26295
Trust: 0.6
db:VULHUBid:VHN-140144
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140144 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004713 // 
            
            
            
            CNNVD: CNNVD-201905-750 // 
            
            
            
            NVD: CVE-2019-0113

REFERENCES
url:http://www.securityfocus.com/bid/108385
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0113
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0113
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-26295
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140144 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004713 // 
            
            
            
            CNNVD: CNNVD-201905-750 // 
            
            
            
            NVD: CVE-2019-0113

CREDITS
Konstantin Wurster, and an Intel partner.
Trust: 0.9
sources:
            
            
            BID: 108385 // 
            
            
            
            CNNVD: CNNVD-201905-750

SOURCES
db:VULHUBid:VHN-140144
db:BIDid:108385
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004713
db:CNNVDid:CNNVD-201905-750
db:NVDid:CVE-2019-0113

LAST UPDATE DATE
2024-11-23T20:29:54.417000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140144date:2019-05-21T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004713date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-750date:2019-08-29T00:00:00
db:NVDid:CVE-2019-0113date:2024-11-21T04:16:15.280

SOURCES RELEASE DATE
db:VULHUBid:VHN-140144date:2019-05-17T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004713date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-750date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0113date:2019-05-17T16:29:01.563