CVE-2019-5068
First published: Tue Nov 05 2019(Updated: )
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mesa3d Mesa | =19.1.2 | |
| openSUSE Leap | =15.1 | |
| Debian Debian Linux | =8.0 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| ubuntu/mesa | <19.2.8-0ubuntu0~18.04.2 | 19.2.8-0ubuntu0~18.04.2 |
| ubuntu/mesa | <19.2.8-0ubuntu0~19.10.2 | 19.2.8-0ubuntu0~19.10.2 |
| ubuntu/mesa | <19.2.6-1 | 19.2.6-1 |
| debian/mesa | 20.3.5-1 22.3.6-1+deb12u1 24.1.3-2 24.1.6-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html
- https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
- https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html
- https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
- https://usn.ubuntu.com/4271-1/
- https://ubuntu.com/security/notices/USN-4271-1
- https://www.cve.org/CVERecord?id=CVE-2019-5068
- https://nvd.nist.gov/vuln/detail/CVE-2019-5068
- https://launchpad.net/bugs/cve/CVE-2019-5068
- https://security-tracker.debian.org/tracker/CVE-2019-5068
- https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
- https://ubuntu.com/security/CVE-2019-5068
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- agent/remedy
- agent/description
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/mesa3d
- canonical/mesa3d mesa
- version/mesa3d mesa/19.1.2
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- package-manager/ubuntu
- package-manager/debian