Vulnerability Details CVE-2018-12152
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://seclists.org/fulldisclosure/2019/Oct/55
- http://seclists.org/fulldisclosure/2019/Oct/56
- http://www.securityfocus.com/bid/105582
- https://support.apple.com/kb/HT210634
- https://support.apple.com/kb/HT210722
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
- http://seclists.org/fulldisclosure/2019/Oct/55
- http://seclists.org/fulldisclosure/2019/Oct/56
- http://www.securityfocus.com/bid/105582
- https://support.apple.com/kb/HT210634
- https://support.apple.com/kb/HT210722
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
Products affected by CVE-2018-12152
-
cpe:2.3:a:intel:graphics_driver:15.33.43.4425
-
cpe:2.3:a:intel:graphics_driver:15.33.45.4653
-
cpe:2.3:a:intel:graphics_driver:15.33.46.4885
-
cpe:2.3:a:intel:graphics_driver:15.33.47.5059
-
cpe:2.3:a:intel:graphics_driver:15.36.26.4294
-
cpe:2.3:a:intel:graphics_driver:15.36.28.4332
-
cpe:2.3:a:intel:graphics_driver:15.36.31.4414
-
cpe:2.3:a:intel:graphics_driver:15.36.33.4578
-
cpe:2.3:a:intel:graphics_driver:15.36.34.4889
-
cpe:2.3:a:intel:graphics_driver:15.36.35.5057
-
cpe:2.3:a:intel:graphics_driver:15.40.34.4624
-
cpe:2.3:a:intel:graphics_driver:15.40.36.4703
-
cpe:2.3:a:intel:graphics_driver:15.40.37.4835
-
cpe:2.3:a:intel:graphics_driver:15.40.38.4963
-
cpe:2.3:a:intel:graphics_driver:15.40.41.5058