Oval Definition:oval:com.ubuntu.cosmic:def:2019110850000000
Revision Date:2019-05-17Version:1
Title:CVE-2019-11085 on Ubuntu 18.10 (cosmic) - medium.
Description:Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-11085
Platform(s):Ubuntu 18.10
Product(s):
Definition Synopsis
  • Ubuntu 18.10 (cosmic) is installed.
  • AND Package Information
  • linux package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-aws package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1021.25').
  • OR linux-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-kvm package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1017.18').
  • OR linux-meta package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-meta-aws package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1021.25').
  • OR linux-meta-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-meta-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-meta-kvm package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1017.18').
  • OR linux-meta-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-meta-raspi2 package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1019.22').
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
  • OR linux-oracle package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.15.0-1018.20').
  • OR linux-raspi2 package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1019.22').
  • OR linux-signed package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-26.27').
  • OR linux-signed-azure package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1025.27').
  • OR linux-signed-gcp package in cosmic is affected. An update containing the fix has been completed and is pending publication (note: '4.18.0-1016.17').
  • OR linux-signed-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').
    • BACK