5.1

CVE-2019-5068

Exploit
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mesa3dMesa Version19.1.2
OpensuseLeap Version15.1
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.5% 0.39
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
talos-cna@cisco.com 5.1 2.5 2.5
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CWE-277 Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
Third Party Advisory
Mailing List
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
Third Party Advisory
Mailing List
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
Patch
Third Party Advisory
Mailing List
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
Third Party Advisory
Exploit
https://usn.ubuntu.com/4271-1/
Third Party Advisory