CVE-2019-5068 — Insecure Inherited Permissions in Mesa

CWE-277 — Insecure Inherited Permissions CWE-732 — Incorrect Permission Assignment9 documents8 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 77.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mesa3d Mesa Canonical Ubuntu Linux Debian Linux +1 more

Timeline

PublishedNov 5

Latest updateMay 24

Description

An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages3 packages

▶Debianmesa3d/mesa< 19.2.6-1+3

▶NVDmesa3d/mesa19.1.2

▶NVDopensuse/leap15.1

Also affects: Debian Linux 8.0, Ubuntu Linux 18.04, 19.10

Patches

Patch: gitlab.freedesktop.org ↗Patch: lists.freedesktop.org ↗Patch: gitlab.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-rrg9-xrw3-h9vv: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19↗2022-05-24

▶

OSV

CVE-2019-5068: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19↗2019-11-05

▶

CVEList

CVE-2019-5068: An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19↗2019-11-05

▶

📋Vendor Advisories

Ubuntu

Mesa vulnerability↗2020-02-06

▶

Red Hat

mesa: security bypass in 3D library graphics↗2019-10-23

▶

Debian

CVE-2019-5068: mesa - An exploitable shared memory permissions vulnerability exists in the functionali...↗2019

▶

💬Community

Bugzilla

CVE-2019-5068 mesa: security bypass in 3D library graphics [fedora-all]↗2019-11-08

▶

Bugzilla

CVE-2019-5068 mesa: security bypass in 3D library graphics↗2019-11-08

▶