CVE-2019-5068
First published: Tue Nov 05 2019(Updated: )
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/mesa | <19.2.8-0ubuntu0~18.04.2 | 19.2.8-0ubuntu0~18.04.2 |
| ubuntu/mesa | <19.2.8-0ubuntu0~19.10.2 | 19.2.8-0ubuntu0~19.10.2 |
| ubuntu/mesa | <19.2.6-1 | 19.2.6-1 |
| debian/mesa | 20.3.5-1 22.3.6-1+deb12u1 24.1.3-2 24.1.6-1 | |
| SUSE Mesa DRI 32-bit | =19.1.2 | |
| SUSE Linux | =15.1 | |
| Debian | =8.0 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
- https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
- https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
- https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
- https://usn.ubuntu.com/4271-1/
- https://ubuntu.com/security/notices/USN-4271-1
- https://www.cve.org/CVERecord?id=CVE-2019-5068
- https://nvd.nist.gov/vuln/detail/CVE-2019-5068
- https://launchpad.net/bugs/cve/CVE-2019-5068
- https://security-tracker.debian.org/tracker/CVE-2019-5068
- https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
- https://ubuntu.com/security/CVE-2019-5068
Frequently Asked Questions
What is the severity of CVE-2019-5068?
CVE-2019-5068 has a high severity due to its potential for attackers to access shared memory without permissions.
How do I fix CVE-2019-5068?
To fix CVE-2019-5068, upgrade Mesa 3D Graphics Library to version 19.2.8 or later for Ubuntu and Debian systems.
Which versions are affected by CVE-2019-5068?
CVE-2019-5068 affects Mesa 3D Graphics Library version 19.1.2 and earlier.
Is CVE-2019-5068 present in all operating systems?
No, CVE-2019-5068 specifically affects certain releases of Ubuntu, Debian, and openSUSE.
Can CVE-2019-5068 be exploited remotely?
CVE-2019-5068 requires local access to exploit shared memory permissions, making it less likely for remote exploitation.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/mesa3d
- canonical/suse mesa dri 32-bit
- version/suse mesa dri 32-bit/19.1.2
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.1
- vendor/debian
- canonical/debian
- version/debian/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/18.04
- version/ubuntu/19.10