Vulnerability CVE-2018-12224


Published: 2019-03-14

Description:
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

Type:

CWE-200

(Information Exposure)

Vendor: Intel
Product: Graphics driver 
Version:
24.20.100.6286
24.20.100.6229
24.20.100.6194
24.20.100.6136
24.20.100.6094
24.20.100.6025
15.45.23.4860
15.45.21.4821
15.45.19.4678
15.45.18.4664
15.40.41.5058
15.40.38.4963
15.40.37.4835
15.40.36.4703
15.40.34.4624
15.36.34.4889
15.36.33.4578
15.36.31.4414
15.36.28.4332
15.36.26.4294
15.33.46.4885
15.33.45.4653
15.33.43.4425

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://support.lenovo.com/us/en/product_security/LEN-25084
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html

Related CVE
CVE-2019-0162
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0158
Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-18094
Improper directory permissions in installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0135
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0129
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0121
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-18091
Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may all...
CVE-2018-18090
Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow ...

Copyright 2019, cxsecurity.com

 

Back to Top