CVE-2019-5068
Published: 5 November 2019
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
Notes
| Author | Note |
|---|---|
| sbeattie | mesa and its build dependencies have been updated for the HWE stack in bionic, so to fix this there will require no-change rebuilds in the security pocket for libdrm, libclc, wayland, and llvm-toolchain-9. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mesa Launchpad, Ubuntu, Debian |
bionic |
Released
(19.2.8-0ubuntu0~18.04.2)
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Released
(19.2.8-0ubuntu0~19.10.2)
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Released
(19.2.6-1)
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
Patches: upstream: https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.4 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |