CVE-2018-12152
published 2018-10-10CVE-2018-12152: Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and…
PriorityP341high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.87%
54.3th percentile
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_catalina | — | — |
| apple | macos_catalina_10.15.1_security_update_2019-001_and_security_update_2019-006 | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel | graphics_driver | — | — |
| intel_corporation | intel_graphics_driver | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2018-12152: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
vendor_apple·2019-10-29·CVSS 7.8
CVE-2018-12152 [HIGH] CVE-2018-12152: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Apple Security Update: About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Product: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
CVE: CVE-2018-12152
Component: Graphics
Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
Apple
CVE-2018-12152: macOS Catalina 10.15
vendor_apple·2019-10-07·CVSS 7.8
CVE-2018-12152 [HIGH] CVE-2018-12152: macOS Catalina 10.15
Apple Security Update: About the security content of macOS Catalina 10.15
Product: macOS Catalina
Version: 10.15
CVE: CVE-2018-12152
Component: Graphics
Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
GHSA
GHSA-68c3-2f9v-prp3: Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10
ghsa_unreviewed·2022-05-13
CVE-2018-12152 [HIGH] CWE-119 GHSA-68c3-2f9v-prp3: Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2019/Oct/55http://seclists.org/fulldisclosure/2019/Oct/56http://www.securityfocus.com/bid/105582https://support.apple.com/kb/HT210634https://support.apple.com/kb/HT210722https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.htmlhttp://seclists.org/fulldisclosure/2019/Oct/55http://seclists.org/fulldisclosure/2019/Oct/56http://www.securityfocus.com/bid/105582https://support.apple.com/kb/HT210634https://support.apple.com/kb/HT210722https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
2018-10-10
Published