CVE-2018-12152: Buffer Overflow
First published: Tue Oct 09 2018(Updated: )
Graphics. Multiple memory corruption issues were addressed with improved input validation.
Credit: secure@intel.com Piotr Bania Cisco TalosPiotr Bania Cisco TalosPiotr Bania Cisco TalosPiotr Bania Cisco TalosPiotr Bania Cisco TalosPiotr Bania Cisco Talos
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Catalina | <10.15 | 10.15 |
| Apple macOS Catalina | <10.15.1 | 10.15.1 |
| Intel Graphics Driver | =15.33.43.4425 | |
| Intel Graphics Driver | =15.33.45.4653 | |
| Intel Graphics Driver | =15.33.46.4885 | |
| Intel Graphics Driver | =15.33.47.5059 | |
| Intel Graphics Driver | =15.36.26.4294 | |
| Intel Graphics Driver | =15.36.28.4332 | |
| Intel Graphics Driver | =15.36.31.4414 | |
| Intel Graphics Driver | =15.36.33.4578 | |
| Intel Graphics Driver | =15.36.34.4889 | |
| Intel Graphics Driver | =15.36.35.5057 | |
| Intel Graphics Driver | =15.40.34.4624 | |
| Intel Graphics Driver | =15.40.36.4703 | |
| Intel Graphics Driver | =15.40.37.4835 | |
| Intel Graphics Driver | =15.40.38.4963 | |
| Intel Graphics Driver | =15.40.41.5058 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2019/Oct/55
- http://seclists.org/fulldisclosure/2019/Oct/56
- http://www.securityfocus.com/bid/105582
- https://support.apple.com/kb/HT210634
- https://support.apple.com/kb/HT210722
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
- https://support.apple.com/en-us/HT210634 (Advisory)
- https://support.apple.com/en-us/HT210722 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2019-8748
- CVE-2019-11041
- CVE-2019-11042
- CVE-2019-8706
- CVE-2019-8850
- CVE-2019-8774
- CVE-2019-8753
- CVE-2019-8705
- CVE-2019-8592
- CVE-2019-8741
- CVE-2019-8825
- CVE-2019-8757
- CVE-2019-8736
- CVE-2019-8767
- CVE-2019-8737
- CVE-2019-8776
- CVE-2019-8509
- CVE-2019-8746
- CVE-2018-12152
- CVE-2018-12153
- CVE-2018-12154
- CVE-2019-8759
- CVE-2019-8758
- CVE-2019-8755
- CVE-2019-8703
- CVE-2019-8809
- CVE-2019-8744
- CVE-2019-8717
- CVE-2019-8709
- CVE-2019-8781
- CVE-2019-8749
- CVE-2019-8756
- CVE-2019-8750
- CVE-2019-8799
- CVE-2019-8826
- CVE-2019-8730
- CVE-2019-8772
- CVE-2019-8708
- CVE-2019-8715
- CVE-2019-8855
- CVE-2019-8770
- CVE-2019-8701
- CVE-2019-8761
- CVE-2019-8745
- CVE-2019-8831
- CVE-2019-8769
- CVE-2019-8768
- CVE-2019-8854
- CVE-2019-8787
- CVE-2019-8796
- CVE-2019-8824
- CVE-2019-8803
- CVE-2019-8817
- CVE-2019-8716
- CVE-2019-8788
- CVE-2019-8785
- CVE-2019-8797
- CVE-2019-8789
- CVE-2017-7152
- CVE-2019-8798
- CVE-2019-8784
- CVE-2019-8807
- CVE-2019-8801
- CVE-2019-8794
- CVE-2019-8786
- CVE-2019-8829
- CVE-2019-8802
- CVE-2019-8858
- CVE-2019-8805
- CVE-2019-8754
- CVE-2019-15126
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2018-12152.
What is the severity level of CVE-2018-12152?
The severity level of CVE-2018-12152 is high with a score of 7.8.
Which software versions are affected by CVE-2018-12152?
The affected software versions include Intel Graphics Driver versions 15.33.43.4425, 15.33.45.4653, 15.33.46.4885, 15.33.47.5059, 15.36.26.4294, 15.36.28.4332, 15.36.31.4414, 15.36.33.4578, 15.36.34.4889, 15.36.35.5057, 15.40.34.4624, 15.40.36.4703, 15.40.37.4835, 15.40.38.4963, and 15.40.41.5058, as well as Apple macOS Catalina up to version 10.15.1.
How can an unauthenticated remote user potentially exploit CVE-2018-12152?
An unauthenticated remote user may potentially execute arbitrary WebGL code via local access due to pointer corruption in the Unified Shader Compiler in Intel Graphics Drivers.
Where can I find more information about CVE-2018-12152?
You can find more information about CVE-2018-12152 on the following references: [Support.apple.com](https://support.apple.com/en-us/HT210722), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/55), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/56).
- collector/nvd-index
- collector/apple-support
- alias/CVE-2018-12153
- alias/CVE-2018-12154
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/trending
- vendor/intel
- canonical/intel graphics driver
- version/intel graphics driver/15.33.43.4425
- version/intel graphics driver/15.33.45.4653
- version/intel graphics driver/15.33.46.4885
- version/intel graphics driver/15.33.47.5059
- version/intel graphics driver/15.36.26.4294
- version/intel graphics driver/15.36.28.4332
- version/intel graphics driver/15.36.31.4414
- version/intel graphics driver/15.36.33.4578
- version/intel graphics driver/15.36.34.4889
- version/intel graphics driver/15.36.35.5057
- version/intel graphics driver/15.40.34.4624
- version/intel graphics driver/15.40.36.4703
- version/intel graphics driver/15.40.37.4835
- version/intel graphics driver/15.40.38.4963
- version/intel graphics driver/15.40.41.5058
- vendor/apple
- canonical/apple macos catalina