CVE-2019-5068

MEDIUM

X11 Mesa 3D Graphics Library <19.1.2 - Memory Corruption

Title source: llm

Description

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

References (6)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html

[Third Party Advisory] https://usn.ubuntu.com/4271-1/

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857

[Mailing List, Patch, Third Party Advisory] https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html

[Patch, Third Party Advisory] https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc

Scores

CVSS v3 4.4

EPSS 0.0008

EPSS Percentile 22.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-277 CWE-732

Status published

Products (5)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 19.10

debian/debian_linux 8.0

mesa3d/mesa 19.1.2

opensuse/leap 15.1

Published Nov 05, 2019

Tracked Since Feb 18, 2026