Sign-up

ID

VAR-201905-1184


CVE

CVE-2019-0116


TITLE

Intel Multiple vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-003441

DESCRIPTION

An out of bound read in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow a privileged user to potentially enable denial of service via local access. Intel Graphics Driver Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Intel Graphics Driver is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause denial-of-service condition, denying service to legitimate users. Intel Graphics Drivers prior to 15.36.x.5067 and 15.33.x.5069 are vulnerable. KMD is one of the input modules. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

Trust: 1.98

sources: NVD: CVE-2019-0116 // JVNDB: JVNDB-2019-004716 // BID: 108385 // VULHUB: VHN-140147

AFFECTED PRODUCTS

vendor:intelmodel:graphics driverscope:eqversion:15.36.33.4578

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.31.4414

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.28.4332

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.26.4294

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.46.4885

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.43.4425

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.33.45.4653

Trust: 1.0

vendor:intelmodel:graphics driverscope:eqversion:15.36.34.4889

Trust: 1.0

vendor:intelmodel:acu wizardscope: - version: -

Trust: 0.8

vendor:intelmodel:active management technologyscope: - version: -

Trust: 0.8

vendor:intelmodel:converged security management enginescope: - version: -

Trust: 0.8

vendor:intelmodel:driver and support assistantscope: - version: -

Trust: 0.8

vendor:intelmodel:dynamic application loaderscope: - version: -

Trust: 0.8

vendor:intelmodel:i915scope: - version: -

Trust: 0.8

vendor:intelmodel:nuc board nuc7i7dnbescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i5dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnhescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc7i7dnkescope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hnkscope: - version: -

Trust: 0.8

vendor:intelmodel:nuc kit nuc8i7hvkscope: - version: -

Trust: 0.8

vendor:intelmodel:proset/wireless software driverscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus ii programmer and toolsscope: - version: -

Trust: 0.8

vendor:intelmodel:server platform servicesscope: - version: -

Trust: 0.8

vendor:intelmodel:trusted execution enginescope: - version: -

Trust: 0.8

vendor:intelmodel:intelscope: - version: -

Trust: 0.8

vendor:intelmodel:quartus primescope: - version: -

Trust: 0.8

vendor:intelmodel:scs discovery utilityscope: - version: -

Trust: 0.8

vendor:intelmodel:unite clientscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope: - version: -

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.10.5069

Trust: 0.8

vendor:intelmodel:graphics driverscope:ltversion:10.18.14.5067

Trust: 0.8

vendor:intelmodel:graphics driverscope:eqversion:15.36.x.5057

Trust: 0.3

vendor:intelmodel:graphics driverscope:eqversion:15.33.x.5056

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.36.x.5067

Trust: 0.3

vendor:intelmodel:graphics driverscope:neversion:15.33.x.5069

Trust: 0.3

sources: BID: 108385 // JVNDB: JVNDB-2019-003441 // JVNDB: JVNDB-2019-004716 // NVD: CVE-2019-0116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-0116
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-0116
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201905-762
value: MEDIUM

Trust: 0.6

VULHUB: VHN-140147
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-0116
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-140147
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-0116
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-140147 // JVNDB: JVNDB-2019-004716 // CNNVD: CNNVD-201905-762 // NVD: CVE-2019-0116

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.9

sources: VULHUB: VHN-140147 // JVNDB: JVNDB-2019-004716 // NVD: CVE-2019-0116

THREAT TYPE

local

Trust: 0.9

sources: BID: 108385 // CNNVD: CNNVD-201905-762

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201905-762

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003441

PATCH
title:INTEL-SA-00234 - IntelR SCS Discovery Utility and IntelR ACU Wizard Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00234.html
Trust: 0.8
title:INTEL-SA-00244 - IntelR QuartusR Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00244.html
Trust: 0.8
title:INTEL-SA-00245 - Intel UniteR Client for Android* Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00245.html
Trust: 0.8
title:INTEL-SA-00204 - Intel IntelR PROSet/Wireless WiFi Software Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00204.html
Trust: 0.8
title:INTEL-SA-00249 - IntelR i915 Graphics for Linux Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
Trust: 0.8
title:INTEL-SA-00213 - IntelR CSME, IntelR SPS, IntelR TXE, IntelR DAL, and IntelR AMT 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html
Trust: 0.8
title:INTEL-SA-00251 - IntelR NUC Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00251.html
Trust: 0.8
title:INTEL-SA-00218 - IntelR Graphics Driver for Windows* 2019.1 QSR Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 0.8
title:INTEL-SA-00252 - IntelR Driver & Support Assistant Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00252.html
Trust: 0.8
title:INTEL-SA-00223 - Intel 2019.1 QSR UEFI Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00223.html
Trust: 0.8
title:INTEL-SA-00228 - Intel UniteR Client Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00228.html
Trust: 0.8
title:INTEL-SA-00233 - Microarchitectural Data Sampling Advisoryurl:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Trust: 0.8
title:INTEL-SA-00218url:https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00218.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004716

EXTERNAL IDS
db:NVDid:CVE-2019-0116
Trust: 2.8
db:BIDid:108385
Trust: 2.0
db:JVNid:JVNVU92328381
Trust: 1.6
db:JVNDBid:JVNDB-2019-003441
Trust: 1.6
db:JVNDBid:JVNDB-2019-004716
Trust: 0.8
db:CNNVDid:CNNVD-201905-762
Trust: 0.7
db:LENOVOid:LEN-26295
Trust: 0.6
db:VULHUBid:VHN-140147
Trust: 0.1
sources:
            
            
            VULHUB: VHN-140147 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004716 // 
            
            
            
            CNNVD: CNNVD-201905-762 // 
            
            
            
            NVD: CVE-2019-0116

REFERENCES
url:http://www.securityfocus.com/bid/108385
Trust: 2.3
url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00218.html
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2019-0116
Trust: 1.4
url:http://www.intel.com/
Trust: 0.9
url:https://jvn.jp/vu/jvnvu92328381/index.html
Trust: 0.8
url:https://mdsattacks.com/files/ridl.pdf
Trust: 0.8
url:https://mdsattacks.com/files/fallout.pdf
Trust: 0.8
url:https://zombieloadattack.com/
Trust: 0.8
url:https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0116
Trust: 0.8
url:https://jvn.jp/vu/jvnvu92328381/
Trust: 0.8
url:https://jvndb.jvn.jp/ja/contents/2019/jvndb-2019-003441.html
Trust: 0.8
url:https://support.lenovo.com/us/en/product_security/len-26295
Trust: 0.6
sources:
            
            
            VULHUB: VHN-140147 // 
            
            
            
            BID: 108385 // 
            
            
            
            JVNDB: JVNDB-2019-003441 // 
            
            
            
            JVNDB: JVNDB-2019-004716 // 
            
            
            
            CNNVD: CNNVD-201905-762 // 
            
            
            
            NVD: CVE-2019-0116

CREDITS
Konstantin Wurster, and an Intel partner.
Trust: 0.9
sources:
            
            
            BID: 108385 // 
            
            
            
            CNNVD: CNNVD-201905-762

SOURCES
db:VULHUBid:VHN-140147
db:BIDid:108385
db:JVNDBid:JVNDB-2019-003441
db:JVNDBid:JVNDB-2019-004716
db:CNNVDid:CNNVD-201905-762
db:NVDid:CVE-2019-0116

LAST UPDATE DATE
2024-11-23T21:01:00.624000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-140147date:2019-05-21T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004716date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-762date:2019-08-29T00:00:00
db:NVDid:CVE-2019-0116date:2024-11-21T04:16:15.620

SOURCES RELEASE DATE
db:VULHUBid:VHN-140147date:2019-05-17T00:00:00
db:BIDid:108385date:2019-05-14T00:00:00
db:JVNDBid:JVNDB-2019-003441date:2019-05-16T00:00:00
db:JVNDBid:JVNDB-2019-004716date:2019-06-06T00:00:00
db:CNNVDid:CNNVD-201905-762date:2019-05-17T00:00:00
db:NVDid:CVE-2019-0116date:2019-05-17T16:29:01.737