Multiple potential vulnerabilities in User Mode driver components of Intel Graphics Driver Unified Shader Compiler - US

Lenovo Security Advisory: LEN-24426

Potential Impact: Elevation of Privilege, Denial of Service

**Severity:**High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-12152, CVE-2018-12153, CVE-2018-12154

Summary Description:

The Intel® Graphics Drivers for Windows version 15.40.4963 and 15.36.4889 (or earlier) running on a 4th or 5th Generation Core™ processor with Intel HD Graphics, failed to sanitize malicious input resulting in 3 potential attack conditions as follows. In some cases they might be reached via network attacker through WebGL or from a VMware guest VM.

CVE-2018-12152 - Invalid memory access in User Mode Driver in Intel Graphics Driver Unified Shader Compiler may allow an unprivileged user to cause arbitrary code execution via a specially crafted pixel shader.

CVE-2018-12153 - A specially crafted pixel shader may allow an unprivileged software application to cause denialof-service issues with Intel Driver software igdusc64.dll where an implementation issue may trigger an unhandled exception.

CVE-2018-12154 - A specially crafted pixel shader may cause the Intel Graphics Driver Unified Shader Compiler to enter an infinite loop, resulting in the shader compiler, and hence the attacking application, to both hang.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends updating to the Intel® Graphics Drivers for Windows version indicated for your model in the Product Impact section below.

Product Impact: