cvelistv5 - cve-2018-12153

CVE-2018-12153 (GCVE-0-2018-12153)

Vulnerability from cvelistv5 – Published: 2018-10-10 18:00 – Updated: 2024-09-16 23:15

Summary

Severity ?

No CVSS data available.

CWE

Denial of Service

Assigner

intel

References

URL

Tags

	http://www.securityfocus.com/bid/105582	vdb-entryx_refsource_BID
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210634	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210722	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2019/Oct/56	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2019/Oct/55	mailing-listx_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	Intel Corporation	Intel Graphics Driver	Affected: Various

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:30:57.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105582",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105582"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210634"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT210722"
          },
          {
            "name": "20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
          },
          {
            "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel Graphics Driver",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Various"
            }
          ]
        }
      ],
      "datePublic": "2018-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-01T06:06:42",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "105582",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105582"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210634"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT210722"
        },
        {
          "name": "20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
        },
        {
          "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-10-09T00:00:00",
          "ID": "CVE-2018-12153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel Graphics Driver",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Various"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105582",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105582"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
            },
            {
              "name": "https://support.apple.com/kb/HT210634",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210634"
            },
            {
              "name": "https://support.apple.com/kb/HT210722",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT210722"
            },
            {
              "name": "20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
            },
            {
              "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-12153",
    "datePublished": "2018-10-10T18:00:00Z",
    "dateReserved": "2018-06-11T00:00:00",
    "dateUpdated": "2024-09-16T23:15:48.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34E5968D-A8DF-48A4-8B2D-3FD3D4CAA33B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD8D4743-2DA3-4638-956D-CD816C063D79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFF3AA02-FA3E-407E-9DAB-D849B3192226\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8CBA701-583B-42FF-997A-1492372FAB9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E25D2E3-B3C5-4D54-AC38-51EA755753DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"565BC82E-A142-4660-B14A-E6D53FFCB39B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"116D57F0-4884-4545-BDDA-2C97474DD95F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9875754-1D9E-4547-B6F8-35D49EF10A5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24752A43-443A-434A-AE3C-3FC6537FCAA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6ADFD9FC-1236-4414-A7CF-459840B117CC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9DB6338-23B0-4C1D-97C2-345A22EDCFEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D7C8297-0E65-4659-8049-34401194D0FA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58D10DEC-49BC-4226-83CE-0C4B805CD296\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1FDD8D7-E7EA-4758-A8FA-8B0D038485B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBCDCF96-ACF9-4074-AEC0-2EA9CAE43577\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.\"}, {\"lang\": \"es\", \"value\": \"Denegaci\\u00f3n de servicio (DoS) en Unified Shader Compiler en Intel Graphics Drivers en versiones anteriores a la 10.18.x.5056 (tambi\\u00e9n conocida como 15.33.x.5056), 10.18.x.5057 (tambi\\u00e9n conocida como 15.36.x.5057) y 20.19.x.5058 (tambi\\u00e9n conocida como 15.40.x.5058) podr\\u00eda permitir que un usuario sin privilegios de un invitado de m\\u00e1quina virtual provoque el cierre inesperado del sistema host mediante acceso local.\"}]",
      "id": "CVE-2018-12153",
      "lastModified": "2024-11-21T03:44:40.033",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-10T18:29:03.920",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2019/Oct/55\", \"source\": \"secure@intel.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Oct/56\", \"source\": \"secure@intel.com\"}, {\"url\": \"http://www.securityfocus.com/bid/105582\", \"source\": \"secure@intel.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/kb/HT210634\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://support.apple.com/kb/HT210722\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Oct/55\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2019/Oct/56\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/105582\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://support.apple.com/kb/HT210634\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT210722\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12153\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2018-10-10T18:29:03.920\",\"lastModified\":\"2024-11-21T03:44:40.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.\"},{\"lang\":\"es\",\"value\":\"Denegaci\u00f3n de servicio (DoS) en Unified Shader Compiler en Intel Graphics Drivers en versiones anteriores a la 10.18.x.5056 (tambi\u00e9n conocida como 15.33.x.5056), 10.18.x.5057 (tambi\u00e9n conocida como 15.36.x.5057) y 20.19.x.5058 (tambi\u00e9n conocida como 15.40.x.5058) podr\u00eda permitir que un usuario sin privilegios de un invitado de m\u00e1quina virtual provoque el cierre inesperado del sistema host mediante acceso local.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E5968D-A8DF-48A4-8B2D-3FD3D4CAA33B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8D4743-2DA3-4638-956D-CD816C063D79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF3AA02-FA3E-407E-9DAB-D849B3192226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8CBA701-583B-42FF-997A-1492372FAB9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E25D2E3-B3C5-4D54-AC38-51EA755753DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"565BC82E-A142-4660-B14A-E6D53FFCB39B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"116D57F0-4884-4545-BDDA-2C97474DD95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9875754-1D9E-4547-B6F8-35D49EF10A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24752A43-443A-434A-AE3C-3FC6537FCAA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ADFD9FC-1236-4414-A7CF-459840B117CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9DB6338-23B0-4C1D-97C2-345A22EDCFEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7C8297-0E65-4659-8049-34401194D0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58D10DEC-49BC-4226-83CE-0C4B805CD296\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FDD8D7-E7EA-4758-A8FA-8B0D038485B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBCDCF96-ACF9-4074-AEC0-2EA9CAE43577\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2019/Oct/55\",\"source\":\"secure@intel.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/Oct/56\",\"source\":\"secure@intel.com\"},{\"url\":\"http://www.securityfocus.com/bid/105582\",\"source\":\"secure@intel.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/kb/HT210634\",\"source\":\"secure@intel.com\"},{\"url\":\"https://support.apple.com/kb/HT210722\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2019/Oct/55\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2019/Oct/56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/105582\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://support.apple.com/kb/HT210634\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT210722\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une exécution de code arbitraire à distance, un déni de service ou un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

CERTFR-2019-AVI-539

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions antérieures à 6.1
Apple	N/A	tvOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 10 versions antérieures à 11.0
Apple	Safari	Safari versions antérieures à 13.0.3
Apple	N/A	iOS versions antérieures à 13.2
Apple	N/A	iPadOS versions antérieures à 13.2
Apple	N/A	iCloud pour Windows 7 versions antérieures à 7.15
Apple	N/A	iTunes versions antérieures à 12.10.2
Apple	macOS	macOS Catalina versions antérieures à 10.15.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 28, 29 et 30 octobre 2019	None	vendor-advisory
Bulletin de sécurité Apple MacOS du 29 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 11.0 du 30 octobre 2019	-	other
Bulletin de sécurité iOS et iPadOS du 28 octobre 2019	-	other
Bulletin de sécurité Apple tvOS du 28 octobre 2019	-	other
Bulletin de sécurité iCloud pour Windows 7.15 du 30 octobre 2019	-	other
Bulletin de sécurité Safari du 28 octobre 2019	-	other
Bulletin de sécurité iTunes du 30 octobre 2019	-	other
Bulletin de sécurité Apple WatchOS du 29 octobre 2019	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 6.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 10 versions ant\u00e9rieures \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 13.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 13.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows 7 versions ant\u00e9rieures \u00e0 7.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.10.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 10.15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-8788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8788"
    },
    {
      "name": "CVE-2019-8764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8764"
    },
    {
      "name": "CVE-2019-8793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8793"
    },
    {
      "name": "CVE-2019-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8715"
    },
    {
      "name": "CVE-2019-8747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8747"
    },
    {
      "name": "CVE-2018-12153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12153"
    },
    {
      "name": "CVE-2019-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8767"
    },
    {
      "name": "CVE-2019-8813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8813"
    },
    {
      "name": "CVE-2019-8736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8736"
    },
    {
      "name": "CVE-2019-8756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8756"
    },
    {
      "name": "CVE-2019-8808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8808"
    },
    {
      "name": "CVE-2019-8815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8815"
    },
    {
      "name": "CVE-2019-8807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8807"
    },
    {
      "name": "CVE-2019-8765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8765"
    },
    {
      "name": "CVE-2019-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8710"
    },
    {
      "name": "CVE-2019-8509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8509"
    },
    {
      "name": "CVE-2017-7152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7152"
    },
    {
      "name": "CVE-2019-8794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8794"
    },
    {
      "name": "CVE-2019-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8804"
    },
    {
      "name": "CVE-2019-8706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8706"
    },
    {
      "name": "CVE-2019-8785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8785"
    },
    {
      "name": "CVE-2019-8708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8708"
    },
    {
      "name": "CVE-2019-8743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8743"
    },
    {
      "name": "CVE-2019-8749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8749"
    },
    {
      "name": "CVE-2019-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8775"
    },
    {
      "name": "CVE-2019-8716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8716"
    },
    {
      "name": "CVE-2019-8812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8812"
    },
    {
      "name": "CVE-2019-8802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8802"
    },
    {
      "name": "CVE-2019-8784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8784"
    },
    {
      "name": "CVE-2019-8737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8737"
    },
    {
      "name": "CVE-2019-8821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8821"
    },
    {
      "name": "CVE-2019-8820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8820"
    },
    {
      "name": "CVE-2019-8795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8795"
    },
    {
      "name": "CVE-2019-8766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8766"
    },
    {
      "name": "CVE-2019-8816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8816"
    },
    {
      "name": "CVE-2019-8819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8819"
    },
    {
      "name": "CVE-2019-8789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8789"
    },
    {
      "name": "CVE-2019-8759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8759"
    },
    {
      "name": "CVE-2019-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8744"
    },
    {
      "name": "CVE-2019-8822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8822"
    },
    {
      "name": "CVE-2019-8801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8801"
    },
    {
      "name": "CVE-2019-8803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8803"
    },
    {
      "name": "CVE-2019-8783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8783"
    },
    {
      "name": "CVE-2019-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8805"
    },
    {
      "name": "CVE-2019-8750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8750"
    },
    {
      "name": "CVE-2018-12152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12152"
    },
    {
      "name": "CVE-2019-8786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8786"
    },
    {
      "name": "CVE-2019-8787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8787"
    },
    {
      "name": "CVE-2019-8823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8823"
    },
    {
      "name": "CVE-2019-8798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8798"
    },
    {
      "name": "CVE-2019-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8817"
    },
    {
      "name": "CVE-2019-8761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8761"
    },
    {
      "name": "CVE-2019-8814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8814"
    },
    {
      "name": "CVE-2019-8797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8797"
    },
    {
      "name": "CVE-2018-12154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12154"
    },
    {
      "name": "CVE-2019-8811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8811"
    },
    {
      "name": "CVE-2019-8782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8782"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple MacOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210722"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 11.0 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210727"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iOS et iPadOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210721"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple tvOS du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210723"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iCloud pour Windows 7.15 du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210728"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Safari du 28 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210725"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iTunes du 30 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210726"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple WatchOS du 29 octobre 2019",
      "url": "https://support.apple.com/fr-fr/HT210724"
    }
  ],
  "reference": "CERTFR-2019-AVI-539",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-30T00:00:00.000000"
    },
    {
      "description": "Rajout des avis pour Safari, iOS, iPadOS, tvOS, iTunes et iCloud",
      "revision_date": "2019-10-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, une ex\u00e9cution de code arbitraire \u00e0\ndistance, un d\u00e9ni de service ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 28, 29 et 30 octobre 2019",
      "url": null
    }
  ]
}

VAR-201810-0092

Vulnerability from variot - Updated: 2023-12-18 11:44

Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * information leak * any WebGL Code execution. Intel Graphics Driver is prone to a remote code-execution vulnerability and a denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to execute arbitrary code in the context of affected application or cause denial-of-service conditions. Intel Graphics Driver versions prior to 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) are vulnerable. Unified Shader Compiler is one of those compilers. A remote attacker can use a specially crafted shader file to exploit this vulnerability to cause a denial of service (system crash). CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt

App Store Available for: macOS Catalina 10.15 Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials. CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

AppleGraphicsControl Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team

Associated Domains Available for: macOS Catalina 10.15 Impact: Improper URL processing may lead to data exfiltration Description: An issue existed in the parsing of URLs. CVE-2019-8785: Ian Beer of Google Project Zero CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

Books Available for: macOS Catalina 10.15 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: A validation issue existed in the handling of symlinks. CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven

Contacts Available for: macOS Catalina 10.15 Impact: Processing a maliciously contact may lead to UI spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8798: ABC Research s.r.o. CVE-2019-8759: another of 360 Nirvan Team

iTunes Available for: macOS Catalina 10.15 Impact: Running the iTunes installer in an untrusted directory may result in arbitrary code execution Description: A dynamic library loading issue existed in iTunes setup. CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

Kernel Available for: macOS Catalina 10.15 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8750: found by OSS-Fuzz

manpages Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15 Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2019-8802: Csaba Fitzl (@theevilbit)

PluginKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6 Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8715: an anonymous researcher

SystemExtensions Available for: macOS Catalina 10.15 Impact: An application may be able to execute arbitrary code with system privileges Description: A validation issue existed in the entitlement verification. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 addresses the following:

AMD Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

apache_mod_php Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in PHP Description: Multiple issues were addressed by updating to PHP version 7.3.8. CVE-2019-11041 CVE-2019-11042

Audio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab Entry added October 29, 2019

Books Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service Description: A resource exhaustion issue was addressed with improved input validation. CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven Entry added October 29, 2019

CFNetwork Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: This issue was addressed with improved checks. CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland Entry added October 29, 2019

CoreAudio Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted movie may result in the disclosure of process memory Description: A memory corruption issue was addressed with improved validation. CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

CoreCrypto Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a large input may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2019-8741: Nicky Mouha of NIST Entry added October 29, 2019

CoreMedia Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8825: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Crash Reporter Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: The "Share Mac Analytics" setting may not be disabled when a user deselects the switch to share analytics Description: A race condition existed when reading and writing user preferences. This was addressed with improved state handling. CVE-2019-8757: William Cerniuk of Core Development, LLC

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An input validation issue was addressed with improved input validation. CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2019-8767: Stephen Zeisberg Entry added October 29, 2019

CUPS Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved validation. CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com) Entry added October 29, 2019

File Quarantine Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to elevate privileges Description: This issue was addressed by removing the vulnerable code. CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs Entry added October 29, 2019

Foundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero Entry added October 29, 2019

Graphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2018-12152: Piotr Bania of Cisco Talos CVE-2018-12153: Piotr Bania of Cisco Talos CVE-2018-12154: Piotr Bania of Cisco Talos Entry added October 29, 2019

Intel Graphics Driver Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A logic issue was addressed with improved restrictions. CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro

IOGraphics Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8759: another of 360 Nirvan Team Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local app may be able to read a persistent account identifier Description: A validation issue was addressed with improved logic. CVE-2019-8809: Apple Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2019-8709: derrek (@derrekr6) [confirmed]derrek (@derrekr6) CVE-2019-8781: Linus Henze (pinauten.de) Entry added October 29, 2019

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8717: Jann Horn of Google Project Zero

Kernel Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to determine kernel memory layout Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management. CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team Entry added October 29, 2019

libxml2 Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxml2 Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8749: found by OSS-Fuzz CVE-2019-8756: found by OSS-Fuzz Entry added October 29, 2019

libxslt Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Multiple issues in libxslt Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8750: found by OSS-Fuzz Entry added October 29, 2019

mDNSResponder Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker in physical proximity may be able to passively observe device names in AWDL communications Description: This issue was resolved by replacing device names with a random identifier. CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Entry added October 29, 2019

Menus Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8826: Found by GWP-ASan in Google Chrome Entry added October 29, 2019

Notes Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to view a user's locked notes Description: The contents of locked notes sometimes appeared in search results. This issue was addressed with improved data cleanup. CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia Polytechnic Institute and State University

PDFKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A local user may be able to check for the existence of arbitrary files Description: A logic issue was addressed with improved restrictions. CVE-2019-8708: an anonymous researcher Entry added October 29, 2019

PluginKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8715: an anonymous researcher Entry added October 29, 2019

SharedFileList Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A malicious application may be able to access recent documents Description: The issue was addressed with improved permissions logic. CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH

sips Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992) and pjf of IceSword Lab of Qihoo 360

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2019-8761: Renee Trisberg of SpectX Entry added October 29, 2019

UIFoundation Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: A user may be unable to delete browsing history items Description: "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. CVE-2019-8768: Hugo S. Diaz (coldpointblue)

WebKit Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro (Late 2013 and later) Impact: Visiting a maliciously crafted website may reveal browsing history Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic. CVE-2019-8769: Piérre Reimertz (@reimertz)

Additional recognition

AppleRTC We would like to acknowledge Vitaly Cheptsov for their assistance.

Audio We would like to acknowledge riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative for their assistance.

boringssl We would like to acknowledge Nimrod Aviram of Tel Aviv University, Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr University Bochum and Thijs Alkemade (@xnyhps) of Computest for their assistance.

Finder We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Gatekeeper We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.

Identity Service We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

mDNSResponder We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.

python We would like to acknowledge an anonymous researcher for their assistance.

Safari Data Importing We would like to acknowledge Kent Zoya for their assistance.

Simple certificate enrollment protocol (SCEP) We would like to acknowledge an anonymous researcher for their assistance.

Telephony We would like to acknowledge Phil Stokes from SentinelOne for their assistance.

VPN We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.

Installation note:

macOS Catalina 10.15 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y 0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki 48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/ SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc 9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM= =bhin -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.40.37.4835"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.36.35.5057"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.40.34.4624"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.40.38.4963"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.40.41.5058"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.36.31.4414"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.36.28.4332"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.36.34.4889"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.40.36.4703"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "intel",
        "version": "15.36.33.4578"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "15.33.47.5059"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "15.33.46.4885"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "15.33.43.4425"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "15.33.45.4653"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "intel",
        "version": "15.36.26.4294"
      },
      {
        "_id": null,
        "model": "nuc kits",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "2018 year 5 moon 24 before the japanese version"
      },
      {
        "_id": null,
        "model": "quickassist technology",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "for linux version 4.2"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "10.18.x.5056 (aka 15.33.x.5056)"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "10.18.x.5057 (aka 15.36.x.5057)"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "intel",
        "version": "20.19.x.5058 (aka 15.40.x.5058)"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.49"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.47"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.46"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.45"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.40"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.36"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.33"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "intel",
        "version": "0"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "20.19.x.5058"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.40.x.5058"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.36.x.5057"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "15.33.x.5056"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "10.18.x.5057"
      },
      {
        "_id": null,
        "model": "graphics driver",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "intel",
        "version": "10.18.x.5056"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155067"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2018-12153",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "VHN-122084",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.0,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-12153",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-533",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122084",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Service operation interruption (DoS) * information leak * any WebGL Code execution. Intel Graphics Driver is prone to a remote code-execution vulnerability and a denial-of-service vulnerability. \nSuccessfully exploiting these issues may allow an attacker to execute  arbitrary code in the context of affected application or cause  denial-of-service conditions. \nIntel Graphics Driver versions prior to 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) are vulnerable. Unified Shader Compiler is one of those compilers. A remote attacker can use a specially crafted shader file to exploit this vulnerability to cause a denial of service (system crash). \nCVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at\nTechnische Universit\u00e4t Darmstadt\n\nApp Store\nAvailable for: macOS Catalina 10.15\nImpact: A local attacker may be able to login to the account of a\npreviously logged in user without valid credentials. \nCVE-2019-8803: Kiyeon An, \ucc28\ubbfc\uaddc (CHA Minkyu)\n\nAppleGraphicsControl\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi\u0027anxin\nGroup, Zhuo Liang of Qihoo 360 Vulcan Team\n\nAssociated Domains\nAvailable for: macOS Catalina 10.15\nImpact: Improper URL processing may lead to data exfiltration\nDescription: An issue existed in the parsing of URLs. \nCVE-2019-8785: Ian Beer of Google Project Zero\nCVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure\n\nBooks\nAvailable for: macOS Catalina 10.15\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven\n\nContacts\nAvailable for: macOS Catalina 10.15\nImpact: Processing a maliciously contact may lead to UI spoofing\nDescription: An inconsistent user interface issue was addressed with\nimproved state management. \nCVE-2019-8798: ABC Research s.r.o. \nCVE-2019-8759: another of 360 Nirvan Team\n\niTunes\nAvailable for: macOS Catalina 10.15\nImpact: Running the iTunes installer in an untrusted directory may\nresult in arbitrary code execution\nDescription: A dynamic library loading issue existed in iTunes setup. \nCVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\n\nKernel\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to read restricted memory\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2019-8750: found by OSS-Fuzz\n\nmanpages\nAvailable for: macOS High Sierra 10.13.6, macOS Catalina 10.15\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8802: Csaba Fitzl (@theevilbit)\n\nPluginKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8715: an anonymous researcher\n\nSystemExtensions\nAvailable for: macOS Catalina 10.15\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A validation issue existed in the entitlement\nverification. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-10-29-10 Additional information\nfor APPLE-SA-2019-10-07-1 macOS Catalina 10.15\n\nmacOS Catalina 10.15 addresses the following:\n\nAMD\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security\nResearch Team\n\napache_mod_php\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in PHP\nDescription: Multiple issues were addressed by updating to PHP\nversion 7.3.8. \nCVE-2019-11041\nCVE-2019-11042\n\nAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab\nEntry added October 29, 2019\n\nBooks\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted iBooks file may lead to a\npersistent denial-of-service\nDescription: A resource exhaustion issue was addressed with improved\ninput validation. \nCVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven\nEntry added October 29, 2019\n\nCFNetwork\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to a\ncross site scripting attack\nDescription: This issue was addressed with improved checks. \nCVE-2019-8753: \u0141ukasz Pilorz of Standard Chartered GBS Poland\nEntry added October 29, 2019\n\nCoreAudio\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted movie may result in the\ndisclosure of process memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2019-8705: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nCoreCrypto\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a large input may lead to a denial of service\nDescription: A denial of service issue was addressed with improved\ninput validation. \nCVE-2019-8741: Nicky Mouha of NIST\nEntry added October 29, 2019\n\nCoreMedia\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8825: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nCrash Reporter\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: The \"Share Mac Analytics\" setting may not be disabled when a\nuser deselects the switch to share analytics\nDescription: A race condition existed when reading and writing user\npreferences. This was addressed with improved state handling. \nCVE-2019-8757: William Cerniuk of Core Development, LLC\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An input validation issue was addressed with improved\ninput validation. \nCVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted string may lead to heap\ncorruption\nDescription: A memory consumption issue was addressed with improved\nmemory handling. \nCVE-2019-8767: Stephen Zeisberg\nEntry added October 29, 2019\n\nCUPS\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A denial of service issue was addressed with improved\nvalidation. \nCVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)\nEntry added October 29, 2019\n\nFile Quarantine\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to elevate privileges\nDescription: This issue was addressed by removing the vulnerable\ncode. \nCVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs\nEntry added October 29, 2019\n\nFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2019-8746: Natalie Silvanovich and Samuel Gro\u00df of Google Project\nZero\nEntry added October 29, 2019\n\nGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a malicious shader may result in unexpected\napplication termination or arbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2018-12152: Piotr Bania of Cisco Talos\nCVE-2018-12153: Piotr Bania of Cisco Talos\nCVE-2018-12154: Piotr Bania of Cisco Talos\nEntry added October 29, 2019\n\nIntel Graphics Driver\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8758: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8755: Lilang Wu and Moony Li of Trend Micro\n\nIOGraphics\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8759: another of 360 Nirvan Team\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local app may be able to read a persistent account\nidentifier\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8809: Apple\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8709: derrek (@derrekr6)\n[confirmed]derrek (@derrekr6)\nCVE-2019-8781: Linus Henze (pinauten.de)\nEntry added October 29, 2019\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8717: Jann Horn of Google Project Zero\n\nKernel\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory corruption issue existed in the handling of\nIPv6 packets. This issue was addressed with improved memory\nmanagement. \nCVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team\nEntry added October 29, 2019\n\nlibxml2\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxml2\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8749: found by OSS-Fuzz\nCVE-2019-8756: found by OSS-Fuzz\nEntry added October 29, 2019\n\nlibxslt\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Multiple issues in libxslt\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8750: found by OSS-Fuzz\nEntry added October 29, 2019\n\nmDNSResponder\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker in physical proximity may be able to passively\nobserve device names in AWDL communications\nDescription: This issue was resolved by replacing device names with a\nrandom identifier. \nCVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile\nNetworking Lab at Technische Universit\u00e4t Darmstadt\nEntry added October 29, 2019\n\nMenus\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8826: Found by GWP-ASan in Google Chrome\nEntry added October 29, 2019\n\nNotes\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: The contents of locked notes sometimes appeared in\nsearch results. This issue was addressed with improved data cleanup. \nCVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia\nPolytechnic Institute and State University\n\nPDFKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An attacker may be able to exfiltrate the contents of an\nencrypted PDF\nDescription: An issue existed in the handling of links in encrypted\nPDFs. This issue was addressed by adding a confirmation prompt. \nCVE-2019-8772: Jens M\u00fcller of Ruhr University Bochum, Fabian Ising\nof FH M\u00fcnster University of Applied Sciences, Vladislav Mladenov\nof Ruhr University Bochum, Christian Mainka of Ruhr University\nBochum, Sebastian Schinzel of FH M\u00fcnster University of Applied\nSciences, and J\u00f6rg Schwenk of Ruhr University Bochum\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A local user may be able to check for the existence of\narbitrary files\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2019-8708: an anonymous researcher\nEntry added October 29, 2019\n\nPluginKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8715: an anonymous researcher\nEntry added October 29, 2019\n\nSharedFileList\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A malicious application may be able to access recent\ndocuments\nDescription: The issue was addressed with improved permissions logic. \nCVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH\n\nsips\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)\nand pjf of IceSword Lab of Qihoo 360\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: This issue was addressed with improved checks. \nCVE-2019-8761: Renee Trisberg of SpectX\nEntry added October 29, 2019\n\nUIFoundation\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8745: riusksk of VulWar Corp working with Trend Micro\u0027s Zero\nDay Initiative\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: A user may be unable to delete browsing history items\nDescription: \"Clear History and Website Data\" did not clear the\nhistory. The issue was addressed with improved data deletion. \nCVE-2019-8768: Hugo S. Diaz (coldpointblue)\n\nWebKit\nAvailable for: MacBook (Early 2015 and later), MacBook Air (Mid 2012\nand later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and\nlater), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro\n(Late 2013 and later)\nImpact: Visiting a maliciously crafted website may reveal browsing\nhistory\nDescription: An issue existed in the drawing of web page elements. \nThe issue was addressed with improved logic. \nCVE-2019-8769: Pi\u00e9rre Reimertz (@reimertz)\n\nAdditional recognition\n\nAppleRTC\nWe would like to acknowledge Vitaly Cheptsov for their assistance. \n\nAudio\nWe would like to acknowledge riusksk of VulWar Corp working with\nTrend Micro\u0027s Zero Day Initiative for their assistance. \n\nboringssl\nWe would like to acknowledge Nimrod Aviram of Tel Aviv University,\nRobert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr\nUniversity Bochum and Thijs Alkemade (@xnyhps) of Computest for their\nassistance. \n\nFinder\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nGatekeeper\nWe would like to acknowledge Csaba Fitzl (@theevilbit) for their\nassistance. \n\nIdentity Service\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nmDNSResponder\nWe would like to acknowledge Gregor Lang of e.solutions GmbH for\ntheir assistance. \n\npython\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nSafari Data Importing\nWe would like to acknowledge Kent Zoya for their assistance. \n\nSimple certificate enrollment protocol (SCEP)\nWe would like to acknowledge an anonymous researcher for their\nassistance. \n\nTelephony\nWe would like to acknowledge Phil Stokes from SentinelOne for their\nassistance. \n\nVPN\nWe would like to acknowledge Royce Gawron of Second Son Consulting,\nInc. for their assistance. \n\nInstallation note:\n\nmacOS Catalina 10.15 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y\n0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki\n48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/\nSEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX\nSNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc\n9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM\niUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T\nU6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E\nWvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO\nju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA\nIvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM\nbOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM=\n=bhin\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "BID",
        "id": "105582"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      },
      {
        "db": "PACKETSTORM",
        "id": "155067"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12153",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "105582",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU99973215",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155067",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4010",
        "trust": 0.6
      },
      {
        "db": "LENOVO",
        "id": "LEN-24426",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-122084",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155066",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      },
      {
        "db": "BID",
        "id": "105582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "PACKETSTORM",
        "id": "155067"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ]
  },
  "id": "VAR-201810-0092",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      }
    ],
    "trust": 0.725
  },
  "last_update_date": "2023-12-18T11:44:21.125000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "INTEL-OSS-10005 - Intel QuickAssist Technology for Linux Advisory",
        "trust": 0.8,
        "url": "https://01.org/security/advisories/intel-oss-10005"
      },
      {
        "title": "INTEL-SA-00166 - Intel Graphics Driver Unified Shader Compiler Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
      },
      {
        "title": "INTEL-SA-00168 - Intel NUC Bios Updater Advisory",
        "trust": 0.8,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00168.html"
      },
      {
        "title": "Intel Graphics Drivers Unified Shader Compiler Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86131"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.0,
        "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105582"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht210634"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht210722"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/oct/55"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/oct/56"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12152"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12153"
      },
      {
        "trust": 1.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12154"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12152"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12158"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12153"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12154"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12193"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu99973215/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12158"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12193"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-au/ht201222"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-30747"
      },
      {
        "trust": 0.6,
        "url": "https://support.lenovo.com/us/en/solutions/len-24426"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155067/apple-security-advisory-2019-10-29-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4010/"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210722"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht210634"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8706"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8744"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8736"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8750"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8708"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8509"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8756"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8737"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8749"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8715"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8784"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8789"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8788"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7152"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8716"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8786"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8801"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8787"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8794"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8798"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8797"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8785"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8759"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8761"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11042"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8753"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11041"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8717"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8757"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8701"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8730"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8746"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8745"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8748"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8758"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8709"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8755"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8705"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8741"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122084"
      },
      {
        "db": "BID",
        "id": "105582"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      },
      {
        "db": "PACKETSTORM",
        "id": "155067"
      },
      {
        "db": "PACKETSTORM",
        "id": "155066"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122084",
        "ident": null
      },
      {
        "db": "BID",
        "id": "105582",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155067",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "155066",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12153",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122084",
        "ident": null
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "BID",
        "id": "105582",
        "ident": null
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008201",
        "ident": null
      },
      {
        "date": "2019-11-01T17:11:03",
        "db": "PACKETSTORM",
        "id": "155067",
        "ident": null
      },
      {
        "date": "2019-11-01T17:10:40",
        "db": "PACKETSTORM",
        "id": "155066",
        "ident": null
      },
      {
        "date": "2018-10-10T18:29:03.920000",
        "db": "NVD",
        "id": "CVE-2018-12153",
        "ident": null
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-533",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2019-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122084",
        "ident": null
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "BID",
        "id": "105582",
        "ident": null
      },
      {
        "date": "2019-07-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-008201",
        "ident": null
      },
      {
        "date": "2019-10-30T03:15:14.123000",
        "db": "NVD",
        "id": "CVE-2018-12153",
        "ident": null
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-533",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "105582"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "_id": null,
    "data": "Intel Multiple vulnerabilities in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-008201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-533"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-12153

Vulnerability from fkie_nvd - Published: 2018-10-10 18:29 - Updated: 2024-11-21 03:44

Severity ?

6.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
secure@intel.com	http://seclists.org/fulldisclosure/2019/Oct/55
secure@intel.com	http://seclists.org/fulldisclosure/2019/Oct/56
secure@intel.com	http://www.securityfocus.com/bid/105582	Third Party Advisory, VDB Entry
secure@intel.com	https://support.apple.com/kb/HT210634
secure@intel.com	https://support.apple.com/kb/HT210722
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Oct/55
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2019/Oct/56
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105582	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210634
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT210722
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	graphics_driver	15.33.43.4425
intel	graphics_driver	15.33.45.4653
intel	graphics_driver	15.33.46.4885
intel	graphics_driver	15.33.47.5059
intel	graphics_driver	15.36.26.4294
intel	graphics_driver	15.36.28.4332
intel	graphics_driver	15.36.31.4414
intel	graphics_driver	15.36.33.4578
intel	graphics_driver	15.36.34.4889
intel	graphics_driver	15.36.35.5057
intel	graphics_driver	15.40.34.4624
intel	graphics_driver	15.40.36.4703
intel	graphics_driver	15.40.37.4835
intel	graphics_driver	15.40.38.4963
intel	graphics_driver	15.40.41.5058

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E5968D-A8DF-48A4-8B2D-3FD3D4CAA33B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8D4743-2DA3-4638-956D-CD816C063D79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF3AA02-FA3E-407E-9DAB-D849B3192226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CBA701-583B-42FF-997A-1492372FAB9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E25D2E3-B3C5-4D54-AC38-51EA755753DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*",
              "matchCriteriaId": "565BC82E-A142-4660-B14A-E6D53FFCB39B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*",
              "matchCriteriaId": "116D57F0-4884-4545-BDDA-2C97474DD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9875754-1D9E-4547-B6F8-35D49EF10A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*",
              "matchCriteriaId": "24752A43-443A-434A-AE3C-3FC6537FCAA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADFD9FC-1236-4414-A7CF-459840B117CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DB6338-23B0-4C1D-97C2-345A22EDCFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7C8297-0E65-4659-8049-34401194D0FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D10DEC-49BC-4226-83CE-0C4B805CD296",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1FDD8D7-E7EA-4758-A8FA-8B0D038485B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBCDCF96-ACF9-4074-AEC0-2EA9CAE43577",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access."
    },
    {
      "lang": "es",
      "value": "Denegaci\u00f3n de servicio (DoS) en Unified Shader Compiler en Intel Graphics Drivers en versiones anteriores a la 10.18.x.5056 (tambi\u00e9n conocida como 15.33.x.5056), 10.18.x.5057 (tambi\u00e9n conocida como 15.36.x.5057) y 20.19.x.5058 (tambi\u00e9n conocida como 15.40.x.5058) podr\u00eda permitir que un usuario sin privilegios de un invitado de m\u00e1quina virtual provoque el cierre inesperado del sistema host mediante acceso local."
    }
  ],
  "id": "CVE-2018-12153",
  "lastModified": "2024-11-21T03:44:40.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-10T18:29:03.920",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
    },
    {
      "source": "secure@intel.com",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105582"
    },
    {
      "source": "secure@intel.com",
      "url": "https://support.apple.com/kb/HT210634"
    },
    {
      "source": "secure@intel.com",
      "url": "https://support.apple.com/kb/HT210722"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT210634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT210722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-12153

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-12153

Aliases

CVE-2018-12153

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12153",
    "description": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.",
    "id": "GSD-2018-12153"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12153"
      ],
      "details": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.",
      "id": "GSD-2018-12153",
      "modified": "2023-12-13T01:22:30.059687Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@intel.com",
        "DATE_PUBLIC": "2018-10-09T00:00:00",
        "ID": "CVE-2018-12153",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Intel Graphics Driver",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Various"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Intel Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Denial of Service"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105582",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105582"
          },
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html",
            "refsource": "CONFIRM",
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
          },
          {
            "name": "https://support.apple.com/kb/HT210634",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT210634"
          },
          {
            "name": "https://support.apple.com/kb/HT210722",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT210722"
          },
          {
            "name": "20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
          },
          {
            "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.28.4332:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.26.4294:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.46.4885:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.45.4653:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.38.4963:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.37.4835:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.36.4703:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.34.4624:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.35.5057:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.31.4414:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.43.4425:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.40.41.5058:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.34.4889:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.36.33.4578:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:intel:graphics_driver:15.33.47.5059:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2018-12153"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
            },
            {
              "name": "105582",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105582"
            },
            {
              "name": "https://support.apple.com/kb/HT210722",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT210722"
            },
            {
              "name": "https://support.apple.com/kb/HT210634",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT210634"
            },
            {
              "name": "20191031 APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update 2019-001 Mojave, Security Update 2019-006 High Sierra",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
            },
            {
              "name": "20191031 APPLE-SA-2019-10-29-10 Additional information for APPLE-SA-2019-10-07-1 macOS Catalina 10.15",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2019-10-30T03:15Z",
      "publishedDate": "2018-10-10T18:29Z"
    }
  }
}

GHSA-CGW8-6RC7-29XF

Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-10T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.",
  "id": "GHSA-cgw8-6rc7-29xf",
  "modified": "2022-05-13T01:30:59Z",
  "published": "2022-05-13T01:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12153"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT210634"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT210722"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/55"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Oct/56"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105582"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12153 (GCVE-0-2018-12153)

CERTFR-2019-AVI-539

Solution

CERTFR-2019-AVI-539

Solution

VAR-201810-0092

FKIE_CVE-2018-12153

GSD-2018-12153

GHSA-CGW8-6RC7-29XF

Tags

Sightings

Nomenclature