CVE-2018-12223 — Incorrect Permission Assignment in Corporation Intel Graphics Driver FOR Windows

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 86.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Intel Corporation Intel Graphics Driver FOR Windows Intel Graphics Driver

Timeline

PublishedMar 14

Latest updateMay 13

Description

Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to escape from a virtual machine guest-to-host via local access.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 2.0 | Impact: 3.7

Affected Packages2 packages

▶NVDintel/graphics_driver23 versions+22

▶CVEListV5intel_corporation/intel_graphics_driver_for_windowsMultiple versions.

Patches

Patch: www.intel.com ↗Patch: www.intel.com ↗

🔴Vulnerability Details

GHSA

GHSA-vw4w-v3x8-9wqh: Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10↗2022-05-13

▶

CVEList

CVE-2018-12223: Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10↗2019-03-14

▶