Multiple potential security vulnerabilities in Intel® Graphics Drivers may allow escalation of privilege or denial of service . Intel is releasing Intel® Graphics Driver updates to mitigate these potential vulnerabilities.
CVEID: CVE-2018-12152
Description: Pointer corruption in Unified Shader Compiler in Intel® Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2018-12153
Description: Denial of Service in Unified Shader Compiler in Intel® Graphics Drivers before10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVEID: CVE-2018-12154
Description: Denial of Service in Unified Shader Compiler in Intel® Graphics Drivers before10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Intel® Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058).
Intel recommends that users of Intel® Graphics Drivers update to the latest version.
Updates are available for download at this location: <https://downloadcenter.intel.com/product/80939/Graphics-Drivers>
Intel would like to thank Piotr Bania of Cisco TALOS for reporting this issue and working with us on coordinated disclosure.