Strix
26.1K

CVE-2018-18089

UnknownEPSS 0.33%

Last modified

CVE-2018-18089 is a vulnerability of currently unknown severity. Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.

Metrics

EPSS Probability
0.33%

24.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
IntelGraphics Driver15.33.43.4425
IntelGraphics Driver15.33.45.4653
IntelGraphics Driver15.33.46.4885
IntelGraphics Driver15.36.26.4294
IntelGraphics Driver15.36.28.4332
IntelGraphics Driver15.36.31.4414
IntelGraphics Driver15.36.33.4578
IntelGraphics Driver15.36.34.4889
IntelGraphics Driver15.40.34.4624
IntelGraphics Driver15.40.36.4703
IntelGraphics Driver15.40.37.4835
IntelGraphics Driver15.40.38.4963
IntelGraphics Driver15.40.41.5058
IntelGraphics Driver15.45.18.4664
IntelGraphics Driver15.45.19.4678
IntelGraphics Driver15.45.21.4821
IntelGraphics Driver15.45.23.4860
IntelGraphics Driver24.20.100.6025
IntelGraphics Driver24.20.100.6094
IntelGraphics Driver24.20.100.6136
IntelGraphics Driver24.20.100.6194
IntelGraphics Driver24.20.100.6229
IntelGraphics Driver24.20.100.6286

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-18089?
Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access.
How severe is CVE-2018-18089?
Severity scoring for CVE-2018-18089 is pending analysis. The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.
How do I fix CVE-2018-18089?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-18089?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST