Vulnerability Details : CVE-2018-12152
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
Vulnerability category: Overflow
Products affected by CVE-2018-12152
- cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*
- cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12152
- 0.23%: Probability of exploitation activity in the next 30 days
- ~61%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-12152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2018-12152
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-12152
- http://seclists.org/fulldisclosure/2019/Oct/56
  Full Disclosure: APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra
- http://www.securityfocus.com/bid/105582
  Intel Graphics Driver Remote Code Execution And Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)
- https://support.apple.com/kb/HT210634
  About the security content of macOS Catalina 10.15 - Apple Support
- https://support.apple.com/kb/HT210722
  About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 - Apple Support
- http://seclists.org/fulldisclosure/2019/Oct/55
  Full Disclosure: APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
  INTEL-SA-00166 (Mitigation; Vendor Advisory)