Vulnerability CVE-2018-18089


Published: 2019-03-14

Description:
Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

Type:

CWE-125

(Out-of-bounds Read)

Vendor: Intel
Product: Graphics driver 
Version:
24.20.100.6286
24.20.100.6229
24.20.100.6194
24.20.100.6136
24.20.100.6094
24.20.100.6025
15.45.23.4860
15.45.21.4821
15.45.19.4678
15.45.18.4664
15.40.41.5058
15.40.38.4963
15.40.37.4835
15.40.36.4703
15.40.34.4624
15.36.34.4889
15.36.33.4578
15.36.31.4414
15.36.28.4332
15.36.26.4294
15.33.46.4885
15.33.45.4653
15.33.43.4425

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://support.lenovo.com/us/en/product_security/LEN-25084
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html

Related CVE
CVE-2019-11092
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0183
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0182
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0181
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0180
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0179
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0178
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0177
Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.

Copyright 2019, cxsecurity.com

 

Back to Top