Vulnerability Details : CVE-2018-12154
Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access.
Vulnerability category: Denial of service
Products affected by CVE-2018-12154
- cpe:2.3:o:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*
- cpe:2.3:o:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-12154
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-12154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2018-12154
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-12154
-
http://seclists.org/fulldisclosure/2019/Oct/56
Full Disclosure: APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra
-
http://www.securityfocus.com/bid/105582
Intel Graphics Driver Remote Code Execution And Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://support.apple.com/kb/HT210634
About the security content of macOS Catalina 10.15 - Apple Support
-
https://support.apple.com/kb/HT210722
About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 - Apple Support
-
http://seclists.org/fulldisclosure/2019/Oct/55
Full Disclosure: APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15
-
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
INTEL-SA-00166Vendor Advisory
Jump to