CVE-2018-12152: Buffer Overflow

Reference Links

• http://seclists.org/fulldisclosure/2019/Oct/55
• http://seclists.org/fulldisclosure/2019/Oct/56
• http://www.securityfocus.com/bid/105582
• https://support.apple.com/kb/HT210634
• https://support.apple.com/kb/HT210722
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html
• https://support.apple.com/en-us/HT210634 (Advisory)
• https://support.apple.com/en-us/HT210722 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• HT210722
• HT210634

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2019-8787
• CVE-2019-8796
• CVE-2019-8748
• CVE-2019-11041
• CVE-2019-11042
• CVE-2019-8824
• CVE-2019-8803
• CVE-2019-8817
• CVE-2019-8716
• CVE-2019-8788
• CVE-2019-8706
• CVE-2019-8785
• CVE-2019-8797
• CVE-2019-8850
• CVE-2019-8789
• CVE-2017-7152
• CVE-2019-8592
• CVE-2019-8705
• CVE-2019-8825
• CVE-2019-8736
• CVE-2019-8767
• CVE-2019-8737
• CVE-2019-8509
• CVE-2019-8798
• CVE-2019-8746
• CVE-2018-12152
• CVE-2018-12153
• CVE-2018-12154
• CVE-2019-8784
• CVE-2019-8807
• CVE-2019-8759
• CVE-2019-8801
• CVE-2019-8709
• CVE-2019-8794
• CVE-2019-8717
• CVE-2019-8786
• CVE-2019-8744
• CVE-2019-8829
• CVE-2019-8749
• CVE-2019-8756
• CVE-2019-8750
• CVE-2019-8802
• CVE-2019-8772
• CVE-2019-8708
• CVE-2019-8715
• CVE-2019-8858
• CVE-2019-8805
• CVE-2019-8754
• CVE-2019-8745
• CVE-2019-8831
• CVE-2019-8761
• CVE-2019-15126
• CVE-2019-8774
• CVE-2019-8753
• CVE-2019-8741
• CVE-2019-8757
• CVE-2019-8776
• CVE-2019-8758
• CVE-2019-8755
• CVE-2019-8703
• CVE-2019-8809
• CVE-2019-8781
• CVE-2019-8799
• CVE-2019-8826
• CVE-2019-8730
• CVE-2019-8855
• CVE-2019-8770
• CVE-2019-8701
• CVE-2019-8769
• CVE-2019-8768
• CVE-2019-8854

Frequently Asked Questions

• What is the vulnerability ID of this issue?

  The vulnerability ID is CVE-2018-12152.

• What is the severity level of CVE-2018-12152?

  The severity level of CVE-2018-12152 is high with a score of 7.8.

• Which software versions are affected by CVE-2018-12152?

  The affected software versions include Intel Graphics Driver versions 15.33.43.4425, 15.33.45.4653, 15.33.46.4885, 15.33.47.5059, 15.36.26.4294, 15.36.28.4332, 15.36.31.4414, 15.36.33.4578, 15.36.34.4889, 15.36.35.5057, 15.40.34.4624, 15.40.36.4703, 15.40.37.4835, 15.40.38.4963, and 15.40.41.5058, as well as Apple macOS Catalina up to version 10.15.1.

• How can an unauthenticated remote user potentially exploit CVE-2018-12152?

  An unauthenticated remote user may potentially execute arbitrary WebGL code via local access due to pointer corruption in the Unified Shader Compiler in Intel Graphics Drivers.

• Where can I find more information about CVE-2018-12152?

  You can find more information about CVE-2018-12152 on the following references: [Support.apple.com](https://support.apple.com/en-us/HT210722), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/55), [Seclists.org (Full Disclosure)](http://seclists.org/fulldisclosure/2019/Oct/56).