CVE-2019-11085
Published: 17 May 2019
Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
From the Ubuntu Security Team
Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-55.60)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(4.19.0-12.13)
|
|
trusty |
Not vulnerable
(3.11.0-12.19)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-16.19)
|
|
Patches: Introduced by 659643f7d81432189c2c87230e2feee4c75c14c1 |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.49)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1047.49~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
trusty |
Ignored
(was needed ESM criteria)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.18.0-1025.27~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1051.56)
|
|
linux-euclid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of life, was needs-triage)
|
|
linux-flo Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1037.39~16.04.1)
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of standard support)
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1037.39)
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1011.11~18.04.1)
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of life)
|
|
linux-grouper Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-23.24~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-15.16~18.04.1)
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-55.60~16.04.2)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1039.39)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1001.1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1004.9)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(abandoned)
|
|
linux-manta Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
cosmic |
Does not exist
|
|
disco |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.57)
|
cosmic |
Ignored
(end of life)
|
|
disco |
Released
(4.15.0-1050.57)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1018.20)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Released
(4.15.0-1018.20)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Released
(4.15.0-1018.20~16.04.1)
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1041.44)
|
cosmic |
Ignored
(end of life, was pending)
|
|
disco |
Not vulnerable
(5.0.0-1004.4)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.2.0-1013.19)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1058.64)
|
cosmic |
Does not exist
|
|
disco |
Not vulnerable
(5.0.0-1010.10)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.0~rc3)
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://git.kernel.org/linus/51b00d8509dc69c98740da2ad07308b630d3eb7d
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html
- https://ubuntu.com/security/notices/USN-4068-1
- https://ubuntu.com/security/notices/USN-4068-2
- https://ubuntu.com/security/notices/USN-4118-1
- https://www.cve.org/CVERecord?id=CVE-2019-11085
- NVD
- Launchpad
- Debian