CVE-2018-12152 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Intel Graphics Driver

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

7.8HIGHNVD

EPSS

1.8%

top 17.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Intel Graphics Driver Intel Graphics Driver

Timeline

PublishedOct 10

Latest updateMay 13

Description

Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDintel/graphics_driver15 versions+14

▶CVEListV5intel_corporation/intel_graphics_driverVarious

🔴Vulnerability Details

GHSA

GHSA-68c3-2f9v-prp3: Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10↗2022-05-13

▶

CVEList

CVE-2018-12152: Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10↗2018-10-10

▶

📋Vendor Advisories

Apple

CVE-2018-12152: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006↗2019-10-29

▶

Apple

CVE-2018-12152: macOS Catalina 10.15↗2019-10-07

▶