5.1
CVE-2019-5068
- EPSS 0.5%
- Veröffentlicht 05.11.2019 22:15:14
- Zuletzt bearbeitet 21.11.2024 04:44:17
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.39 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 1.8 | 2.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
| nvd@nist.gov | 3.6 | 3.9 | 4.9 |
AV:L/AC:L/Au:N/C:P/I:P/A:N
|
| talos-cna@cisco.com | 5.1 | 2.5 | 2.5 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-277 Insecure Inherited Permissions
A product defines a set of insecure permissions that are inherited by objects that are created by the program.
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://usn.ubuntu.com/4271-1/