Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00189
HistoryOct 01, 2021 - 12:00 a.m.

Intel® Graphics Driver for Windows* 2018.4 QSR Advisory

2021-10-0100:00:00
Intel Security Center
www.intel.com
8

0.0004 Low

EPSS

Percentile

12.8%

JSON

Summary:

Multiple potential security vulnerabilities in Intel® Graphics Driver for Windows* may allow escalation of privileges, denial of service or information disclosure.** Intel is releasing Intel® Graphics Driver for Windows updates to mitigate these potential vulnerabilities.***

Vulnerability Details:

CVEID: CVE-2018-12209

Description: Insufficient access control in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read device configuration information via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2018-12210

Description: Multiple pointer dereferences in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2018-12211

Description: Insufficient input validation in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2018-12212

Description: Buffer overflow in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2018-12213

Description: Potential memory corruption in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a denial of service via local access.

CVSS Base Score: 6.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

CVEID: CVE-2018-12214

Description: Potential memory corruption in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

CVEID: CVE-2018-12215

Description: Insufficient input validation in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

CVEID: CVE-2018-12216

Description: Insufficient input validation in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2018-12217

Description: Insufficient access control in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to read device configuration information via local access.

CVSS Base Score: 2.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2018-12218

Description: Unhandled exception in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause a memory leak via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2018-12219

Description: Insufficient input validation in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access.

CVSS Base Score: 5.5 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2018-12220

Description: Logic bug in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.

CVSS Base Score: 3.9 Low

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

CVEID: CVE-2018-12221

Description: Insufficient input validation in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2018-12222

Description: Insufficient input validation in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2018-12223

Description: Insufficient access control in User Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CVEID: CVE-2018-12224

Description: Buffer leakage in igdkm64.sys in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2018-18089

Description: Multiple out of bounds read in igdkm64.sys in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.8 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CVEID: CVE-2018-18090

Description: Out of bounds read in igdkm64.sys in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.2 Low

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

CVEID: CVE-2018-18091

Description: Use after free in Kernel Mode Driver in Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access.

CVSS Base Score: 5.9

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Affected Products:

Intel® Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373

Recommendations:

Intel recommends that users of Intel® Graphics Driver for Windows* update to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 or later.

Updates are available for download at this location: Graphics downloads.

Acknowledgements:

Intel would like to thank @j00sean (CVE-2018-18091) for reporting this issue and working with us on coordinated disclosure.

CVE-2018-12218, CVE-2018-12219, CVE-2018-12220, CVE-2018-12221, CVE-2018-12222, CVE-2018-12223, CVE-2018-12224, CVE-2018-18089 and CVE-2018-18090 were found externally by an Intel partner.

The remaining issues were found internally by Intel employees. Intel we would like to thank Artem Shishkin, Edgar Barbosa, Gabriel Barbosa, Gustavo Scotti, Kekai Hu, Rodrigo Axel Monroy, and Rodrigo Branco.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

Related

lenovo 2
hp 1
threatpost 4
nvd 19
cvelist 19
prion 19
cve 19
lenovo
lenovo
Intel Graphics Driver for Windows Vulnerabilities - Lenovo Support US
2019-03-14 00:05:18
Intel Graphics Driver for Windows Vulnerabilities - Lenovo Support US
2019-03-14 00:05:18
hp
hp
HPSBHF03608 rev. 3 - Intel Graphics Drivers Security Updates
2019-03-13 00:00:00
threatpost
threatpost
Intel Patches High-Severity Flaws in Media SDK, Mini PC
2019-04-09 20:11:47
Intel Windows 10 Graphics Drivers Riddled With Flaws
2019-03-13 19:29:39
High-Severity Flaws Plague Intel Graphics Drivers
2020-03-10 18:08:36
nvd
nvd
CVE-2018-12223
2019-03-14 20:29:01
CVE-2018-18091
2019-03-14 20:29:01
CVE-2018-12215
2019-03-14 20:29:01
cvelist
cvelist
CVE-2018-18089
2019-03-12 00:00:00
CVE-2018-12214
2019-03-12 00:00:00
CVE-2018-12212
2019-03-12 00:00:00
prion
prion
Information disclosure
2019-03-14 20:29:00
Null pointer dereference
2019-03-14 20:29:00
Double free
2019-03-14 20:29:00
cve
cve
CVE-2018-12224
2019-03-14 20:29:01
CVE-2018-18091
2019-03-14 20:29:01
CVE-2018-12209
2019-03-14 20:29:00

0.0004 Low

EPSS

Percentile

12.8%

JSON
Related for INTEL:INTEL-SA-00189
lenovo2hp1threatpost4nvd19cvelist19prion19cve19