CVE-2019-5068

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
talosCNA
5.1 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
mesa3dmesa
19.1.2
opensuseleap
15.1
debiandebian_linux
8.0
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mesa
bullseye
20.3.5-1
fixed
stretch
ignored
bookworm
22.3.6-1+deb12u1
fixed
trixie
24.2.4-1
fixed
sid
24.2.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mesa
eoan
Fixed 19.2.8-0ubuntu0~19.10.2
released
disco
ignored
bionic
Fixed 19.2.8-0ubuntu0~18.04.2
released
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://usn.ubuntu.com/4271-1/
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://usn.ubuntu.com/4271-1/