VAR-201904-0759
Vulnerability from variot - Updated: 2023-12-18 12:43Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Graphics Performance Analyzer for Linux is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges. Versions prior to Graphics Performance Analyzer 2019 R1 are vulnerable. It only needs to provide functions such as graphics analysis and optimization. The vulnerability stems from the lack of effective permission and access control measures in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0759",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "graphics performance analyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "intel",
"version": "18.4"
},
{
"model": "broadwell",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "u i5 vpro mybdwi5v.86a"
},
{
"model": "graphics performance analyzer",
"scope": "lte",
"trust": 0.8,
"vendor": "intel",
"version": "for linux 18.4"
},
{
"model": "media sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "intel",
"version": "2018 r2.1"
},
{
"model": "microprocessors",
"scope": "eq",
"trust": 0.8,
"vendor": "intel",
"version": "with virtual memory mapping"
},
{
"model": "graphics performance analyzer r4",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2018"
},
{
"model": "graphics performance analyzer r1",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2018"
},
{
"model": "graphics performance analyzer r4",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2017"
},
{
"model": "graphics performance analyzer r1",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2017"
},
{
"model": "graphics performance analyzer r4",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2016"
},
{
"model": "graphics performance analyzer r1",
"scope": "eq",
"trust": 0.3,
"vendor": "intel",
"version": "2016"
},
{
"model": "graphics performance analyzer r1",
"scope": "ne",
"trust": 0.3,
"vendor": "intel",
"version": "2019"
}
],
"sources": [
{
"db": "BID",
"id": "107888"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:graphics_performance_analyzer:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndIncluding": "18.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0158"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Henry",
"sources": [
{
"db": "BID",
"id": "107888"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
],
"trust": 0.9
},
"cve": "CVE-2019-0158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-140189",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201904-604",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-140189",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140189"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Graphics Performance Analyzer for Linux is prone to a local privilege-escalation vulnerability. \nA local attacker can exploit this issue to gain elevated privileges. \nVersions prior to Graphics Performance Analyzer 2019 R1 are vulnerable. It only needs to provide functions such as graphics analysis and optimization. The vulnerability stems from the lack of effective permission and access control measures in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "BID",
"id": "107888"
},
{
"db": "VULHUB",
"id": "VHN-140189"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0158",
"trust": 2.8
},
{
"db": "BID",
"id": "107888",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU90136041",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-140189",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140189"
},
{
"db": "BID",
"id": "107888"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"id": "VAR-201904-0759",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-140189"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:34.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "INTEL-SA-00201",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00201.html"
},
{
"title": "INTEL-SA-00236",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html"
},
{
"title": "INTEL-SA-00238",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00238.html"
},
{
"title": "INTEL-SA-00239",
"trust": 0.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html"
},
{
"title": "Intel Graphics Performance Analyzer for Linux Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=91415"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140189"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107888"
},
{
"trust": 2.0,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00236.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0158"
},
{
"trust": 0.9,
"url": "http://www.intel.com/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0162"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0163"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18094"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0158"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90136041/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18094"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0162"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0163"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-140189"
},
{
"db": "BID",
"id": "107888"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-140189"
},
{
"db": "BID",
"id": "107888"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-140189"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107888"
},
{
"date": "2019-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"date": "2019-04-17T18:29:00.277000",
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"date": "2019-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-140189"
},
{
"date": "2019-04-09T00:00:00",
"db": "BID",
"id": "107888"
},
{
"date": "2019-09-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002605"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-0158"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "107888"
},
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel Multiple vulnerabilities in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201904-604"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…