CVE-2019-0155
Published: 12 November 2019
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
From the Ubuntu Security Team
It was discovered that the Intel i915 graphics chipsets allowed userspace to modify page table entries via writes to MMIO from the Blitter Command Streamer and expose kernel memory information. A local attacker could use this to expose sensitive information or possibly elevate privileges.
Notes
| Author | Note |
|---|---|
| tyhicks | This issue only affects IntelĀ® Graphics Processing Units |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-70.79)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-36.39)
|
|
| eoan |
Released
(5.3.0-23.25)
|
|
| focal |
Not vulnerable
(5.4.0-9.12)
|
|
| trusty |
Not vulnerable
(3.11.0-12.19)
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-169.198)
|
|
|
Patches: Introduced by 72bbf0af0c76cbefe9cecbd2ed670b7555e03625 Introduced by 72bbf0af0c76cbefe9cecbd2ed670b7555e03625 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.58)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1022.25)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Released
(4.4.0-1059.63)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1099.110)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1022.25~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1056.58~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1027.29~18.04.1)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1027.29)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1006.6)
|
|
| trusty |
Released
(4.15.0-1064.69~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1064.69)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1008.9~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of life, was needs-triage)
|
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1026.27~18.04.1)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1026.27)
|
|
| eoan |
Released
(5.3.0-1009.10)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1050.53)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-1009.10~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was needs-triage)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of standard support)
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1049.52)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1026.27~18.04.2)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of life)
|
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-36.39~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-70.79~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.3.0-23.25~18.04.1)
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of life, was needs-triage)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1051.51)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1023.25)
|
|
| eoan |
Released
(5.3.0-1008.9)
|
|
| focal |
Not vulnerable
(5.4.0-1004.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1063.70)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Released
(4.4.0-169.198~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(abandoned)
|
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| cosmic |
Does not exist
|
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1064.73)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Released
(4.15.0-1064.73)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| focal |
Not vulnerable
(5.4.0-1002.4)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1028.32)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Released
(5.0.0-1028.32)
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1030.33)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1008.13)
|
|
| eoan |
Released
(5.3.0-1007.8)
|
|
| focal |
Not vulnerable
(5.4.0-1005.5)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.15.0-1030.33~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1008.13~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1052.56)
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Released
(5.0.0-1023.24)
|
|
| eoan |
Released
(5.3.0-1014.16)
|
|
| focal |
Ignored
(end of life, was needed)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1126.135)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1069.76)
|
| cosmic |
Does not exist
|
|
| disco |
Released
(5.0.0-1027.29)
|
|
| eoan |
Does not exist
|
|
| focal |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.4~rc8)
|
|
| xenial |
Released
(4.4.0-1130.138)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/TAA_MCEPSC_i915
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html
- https://ubuntu.com/security/notices/USN-4183-1
- https://ubuntu.com/security/notices/USN-4184-1
- https://ubuntu.com/security/notices/USN-4185-1
- https://ubuntu.com/security/notices/USN-4186-1
- https://ubuntu.com/security/notices/USN-4186-2
- https://ubuntu.com/security/notices/USN-4185-3
- https://ubuntu.com/security/notices/USN-4183-2
- https://ubuntu.com/security/notices/USN-4186-3
- https://ubuntu.com/security/notices/USN-4184-2
- https://www.cve.org/CVERecord?id=CVE-2019-0155
- NVD
- Launchpad
- Debian