CVE-2019-11085
Published: 17 May 2019
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
From the Ubuntu Security Team
Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-55.60)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(4.19.0-12.13)
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
Patches: Introduced by 659643f7d81432189c2c87230e2feee4c75c14c1 |
||
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
disco |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of life)
|
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.49)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1047.49~16.04.1)
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1037.39~16.04.1)
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-23.24~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1039.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
cosmic |
Ignored
(end of life)
|
|
disco |
Released
(4.15.0-1050.57)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1018.20)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(4.15.0-1018.20)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1018.20~16.04.1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1041.44)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1004.4)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1058.64)
|
cosmic |
Does not exist
|
|
disco |
Not vulnerable
(5.0.0-1010.10)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11085
- https://git.kernel.org/linus/51b00d8509dc69c98740da2ad07308b630d3eb7d
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
- https://ubuntu.com/security/notices/USN-4068-1
- https://ubuntu.com/security/notices/USN-4068-2
- https://ubuntu.com/security/notices/USN-4118-1
- NVD
- Launchpad
- Debian