CVE-2019-12380

LOW

Description

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

References

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

http://www.securityfocus.com/bid/108477

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e

https://lists.fedoraproject.org/archives/list/[email protected]/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

https://lists.fedoraproject.org/archives/list/[email protected]/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

https://security.netapp.com/advisory/ntap-20190710-0002/

https://usn.ubuntu.com/4414-1/

https://usn.ubuntu.com/4427-1/

https://usn.ubuntu.com/4439-1/

Details

Source: MITRE

Published: 2019-05-28

Updated: 2020-08-03

Type: CWE-388

Risk Information

CVSS v2.0

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3.0

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (15 total)

ID	Name	Product	Family	Severity
139027	Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4439-1)	Nessus	Ubuntu Local Security Checks	high
138836	Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1)	Nessus	Ubuntu Local Security Checks	high
138139	Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4414-1)	Nessus	Ubuntu Local Security Checks	high
134387	EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186)	Nessus	Huawei Local Security Checks	critical
129284	SUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)	Nessus	SuSE Local Security Checks	high
128929	EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1926)	Nessus	Huawei Local Security Checks	critical
126744	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)	Nessus	SuSE Local Security Checks	high
126742	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1852-1)	Nessus	SuSE Local Security Checks	high
126691	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1829-1)	Nessus	SuSE Local Security Checks	high
126688	SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1823-1)	Nessus	SuSE Local Security Checks	high
126059	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)	Nessus	SuSE Local Security Checks	high
126040	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)	Nessus	SuSE Local Security Checks	high
126033	openSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)	Nessus	SuSE Local Security Checks	high
125790	Fedora 30 : kernel / kernel-headers (2019-f40bd7826f)	Nessus	Fedora Local Security Checks	high
125746	Fedora 29 : kernel / kernel-headers / kernel-tools (2019-7ec378191e)	Nessus	Fedora Local Security Checks	high