Oval Definition:oval:com.ubuntu.bionic:def:2019123800000000
Revision Date:2019-05-28Version:1
Title:CVE-2019-12380 on Ubuntu 18.04 LTS (bionic) - low.
Description:**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-12380
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND Package Information
  • linux package in bionic is affected and needs fixing.
  • OR linux-aws package in bionic is affected and needs fixing.
  • OR linux-aws-5.0 package in bionic is affected and needs fixing.
  • OR linux-azure package in bionic is affected and needs fixing.
  • OR linux-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-gcp package in bionic is affected and needs fixing.
  • OR linux-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-gke-5.0 package in bionic is affected and needs fixing.
  • OR linux-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-kvm package in bionic is affected and needs fixing.
  • OR linux-meta package in bionic is affected and needs fixing.
  • OR linux-meta-aws package in bionic is affected and needs fixing.
  • OR linux-meta-aws-5.0 package in bionic is affected and needs fixing.
  • OR linux-meta-azure package in bionic is affected and needs fixing.
  • OR linux-meta-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-meta-gcp package in bionic is affected and needs fixing.
  • OR linux-meta-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-meta-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-meta-gke-5.0 package in bionic is affected and needs fixing.
  • OR linux-meta-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-meta-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-meta-kvm package in bionic is affected and needs fixing.
  • OR linux-meta-oem package in bionic is affected and needs fixing.
  • OR linux-meta-oem-osp1 package in bionic is affected and needs fixing.
  • OR linux-meta-oracle package in bionic is affected and needs fixing.
  • OR linux-meta-oracle-5.0 package in bionic is affected and needs fixing.
  • OR linux-meta-raspi2 package in bionic is affected and needs fixing.
  • OR linux-meta-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-meta-snapdragon package in bionic is affected and needs fixing.
  • OR linux-oem package in bionic is affected and needs fixing.
  • OR linux-oem-osp1 package in bionic is affected and needs fixing.
  • OR linux-oracle package in bionic is affected and needs fixing.
  • OR linux-oracle-5.0 package in bionic is affected and needs fixing.
  • OR linux-raspi2 package in bionic is affected and needs fixing.
  • OR linux-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1').
  • OR linux-signed package in bionic is affected and needs fixing.
  • OR linux-signed-azure package in bionic is affected and needs fixing.
  • OR linux-signed-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1').
  • OR linux-signed-gcp package in bionic is affected and needs fixing.
  • OR linux-signed-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1').
  • OR linux-signed-gke-4.15 package in bionic is affected and needs fixing.
  • OR linux-signed-gke-5.0 package in bionic is affected and needs fixing.
  • OR linux-signed-gke-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1011.12~18.04.1').
  • OR linux-signed-hwe package in bionic was vulnerable but has been fixed (note: '5.3.0-26.28~18.04.1').
  • OR linux-signed-oem package in bionic is affected and needs fixing.
  • OR linux-signed-oem-osp1 package in bionic is affected and needs fixing.
  • OR linux-signed-oracle package in bionic is affected and needs fixing.
  • OR linux-signed-oracle-5.0 package in bionic is affected and needs fixing.
  • OR linux-snapdragon package in bionic is affected and needs fixing.
    • BACK