Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator

TalosIntelligence

Security / TalosIntelligence 35 Views 0

Vulnerabilities discovered by Piotr Bania of Cisco Talos

Talos is disclosing a pointer corruption vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator.


Overview

In order for the graphics to be produced, the graphics accelerators need to process the OpenGL scripts into actual graphics. That process is named "shader compilation." On the Intel Graphics accelerator, this is done inside the igdusc64 dynamic linked library (DLL), and this is where the vulnerability exists.


TALOS-2018-0533 - Intel Unified Shader Compiler for Intel Graphics Accelerator Pointer Corruption

An exploitable pointer corruption vulnerability exists in the Intel's Unified Shader Compiler for IntelⓇ Graphics Accelerator, version 10.18.14.4889. A specially crafted pixel shader can cause a pointer corruption,& that if exploited successfully, may lead to code execution. An attacker can trigger the vulnerability by supplying a specially crafted shader file, either in binary or text form. The vulnerability can be triggered from a VMware guest affecting VMware host (potentially causing VMware to crash or a guest-to-host escape). Under specific circumstances, WebGL may also be an attack vector.

CVE: CVE-2018-12152

A full technical advisory is available here.

TALOS-2018-0568 - Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial of Service

An exploitable denial-of-service vulnerability exists in the Intel's Unified Shader Compiler for Intel Graphics Accelerator (10.18.14.4889). An attacker can provide a specially crafted shader file (either in binary or text form) to trigger this vulnerability. This vulnerability can be triggered from VMware guest and the vmware-vmx.exe process crash on the host.

CVE: CVE-2018-12153

A full technical advisory is available here.

TALOS-2018-0579 - Intel Unified Shader Compiler for Intel Graphics Accelerator Remote Denial of Service

An exploitable pointer corruption vulnerability exists in the Intel's Unified Shader Compiler for Intel Graphics Accelerator, version 10.18.14.4889. A specially crafted pixel shader can cause an infinite loop, leading to a denial of service.

The vulnerability can be triggered from a VMware guest affecting VMware host where the vmware-vmx.exe will become unresponsive while consuming CPU resources.

CVE: CVE-2018-12154

A full technical advisory is available here.

Discussion

Vulnerabilities that may lead to virtual machine guest-to-host escape are especially insidious, as they may expose more than just the targeted system. The possibility of a remote attack vector through the WebGL increases the risk posed by this vulnerability, has it provides a bigger landscape of attack.

Coverage

The following Snort IDs have been released to detect these vulnerabilities:
45752 - 45753, 46173 - 46174, 46388 - 46389

Comments