CVE-2018-12209

Vulnerability

An insufficient access control vulnerability exists in the User Mode Driver (UMD) component of the Intel Graphics Driver for Windows. Versions before 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064), and 24.20.100.6373 are affected. The driver fails to properly restrict access, allowing an unprivileged user to read device configuration information through local access [1].

Exploitation

An attacker must have local access to the system and the ability to interact with the vulnerable User Mode Driver interface. No administrative privileges or special authentication is required beyond being able to execute code or commands on the target machine. The attacker can trigger the vulnerable code path to query device configuration data, which the driver returns without adequate permission checks [1].

Impact

Successful exploitation leads to the disclosure of device configuration information. This is a confidentiality breach that could expose sensitive hardware details, which may aid in further targeted attacks. The attacker does not gain code execution or elevated privileges, but the information leak violates the intended access controls [1].

Mitigation

Intel released fixed driver versions that address the insufficient access control: 10.18.x.5059 (15.33.x.5059), 10.18.x.5057 (15.36.x.5057), 20.19.x.5063 (15.40.x.5063), 22.20.x.5064 (15.45.x.5064), and 24.20.100.6373. Users should update to these or later versions via the Intel Driver & Support Assistant or their system manufacturer's update channels [1].