CVE-2019-11085

high

Description

Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

References

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://www.securityfocus.com/bid/108488

https://access.redhat.com/errata/RHSA-2019:1873

https://access.redhat.com/errata/RHSA-2019:1891

https://access.redhat.com/errata/RHSA-2019:1959

https://access.redhat.com/errata/RHSA-2019:1971

https://support.f5.com/csp/article/K09376613

https://usn.ubuntu.com/4068-1/

https://usn.ubuntu.com/4068-2/

https://usn.ubuntu.com/4118-1/

https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html

Details

Source: MITRE

Published: 2019-05-17

Updated: 2019-05-31

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH