CVE Vulnerabilities

CVE-2018-18091

Use After Free

Published: Mar 14, 2019 | Modified: Apr 04, 2019
CVSS 3.x: 6.5 MEDIUM
Source: NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.x: 2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P

Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access.

Weakness

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Affected Software

Name Vendor Start Version End Version
Graphics_driver Intel 15.33.43.4425 15.33.43.4425
Graphics_driver Intel 15.33.45.4653 15.33.45.4653
Graphics_driver Intel 15.33.46.4885 15.33.46.4885
Graphics_driver Intel 15.36.26.4294 15.36.26.4294
Graphics_driver Intel 15.36.28.4332 15.36.28.4332
Graphics_driver Intel 15.36.31.4414 15.36.31.4414
Graphics_driver Intel 15.36.33.4578 15.36.33.4578
Graphics_driver Intel 15.36.34.4889 15.36.34.4889
Graphics_driver Intel 15.40.34.4624 15.40.34.4624
Graphics_driver Intel 15.40.36.4703 15.40.36.4703
Graphics_driver Intel 15.40.37.4835 15.40.37.4835
Graphics_driver Intel 15.40.38.4963 15.40.38.4963
Graphics_driver Intel 15.40.41.5058 15.40.41.5058
Graphics_driver Intel 15.45.18.4664 15.45.18.4664
Graphics_driver Intel 15.45.19.4678 15.45.19.4678
Graphics_driver Intel 15.45.21.4821 15.45.21.4821
Graphics_driver Intel 15.45.23.4860 15.45.23.4860
Graphics_driver Intel 24.20.100.6025 24.20.100.6025
Graphics_driver Intel 24.20.100.6094 24.20.100.6094
Graphics_driver Intel 24.20.100.6136 24.20.100.6136
Graphics_driver Intel 24.20.100.6194 24.20.100.6194
Graphics_driver Intel 24.20.100.6229 24.20.100.6229
Graphics_driver Intel 24.20.100.6286 24.20.100.6286

Extended Description

The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw. The simplest way data corruption may occur involves the system’s reuse of the freed memory. Use-after-free errors have two common and sometimes overlapping causes:

In this scenario, the memory in question is allocated to another pointer validly at some point after it has been freed. The original pointer to the freed memory is used again and points to somewhere within the new allocation. As the data is changed, it corrupts the validly used memory; this induces undefined behavior in the process. If the newly allocated data happens to hold a class, in C++ for example, various function pointers may be scattered within the heap data. If one of these function pointers is overwritten with an address to valid shellcode, execution of arbitrary code can be achieved.
