CVE-2018-12152

Опубликовано: 10 окт. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.

Ссылки

http://seclists.org/fulldisclosure/2019/Oct/55
http://seclists.org/fulldisclosure/2019/Oct/56
http://www.securityfocus.com/bid/105582
Third Party Advisory
VDB Entry
https://support.apple.com/kb/HT210634
https://support.apple.com/kb/HT210722
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
Mitigation
Vendor Advisory
http://seclists.org/fulldisclosure/2019/Oct/55
http://seclists.org/fulldisclosure/2019/Oct/56
http://www.securityfocus.com/bid/105582
Third Party Advisory
VDB Entry
https://support.apple.com/kb/HT210634
https://support.apple.com/kb/HT210722
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*

cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0176

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-68c3-2f9v-prp3

CVSS3: 7.8

github

больше 3 лет назад

BDU:2019-01319

CVSS3: 7.3

fstec

больше 7 лет назад

Уязвимость компонента Unified Shader Compiler драйвера графики Intel Graphics Driver, позволяющая нарушителю выполнить произвольный код