Oval Definition:oval:com.ubuntu.xenial:def:2019123800000000
Revision Date:2019-05-28Version:1
Title:CVE-2019-12380 on Ubuntu 16.04 LTS (xenial) - low.
Description:**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-12380
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • linux package in xenial is affected and needs fixing.
  • OR linux-aws package in xenial is affected and needs fixing.
  • OR linux-aws-hwe package in xenial is affected and needs fixing.
  • OR linux-azure package in xenial is affected and needs fixing.
  • OR linux-euclid: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needs-triage now end-of-life').
  • OR linux-flo: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-gcp package in xenial is affected and needs fixing.
  • OR linux-gke: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life').
  • OR linux-goldfish: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'end-of-life').
  • OR linux-hwe package in xenial is affected and needs fixing.
  • OR linux-kvm package in xenial is affected and needs fixing.
  • OR linux-mako: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'abandoned').
  • OR linux-meta package in xenial is affected and needs fixing.
  • OR linux-meta-aws package in xenial is affected and needs fixing.
  • OR linux-meta-aws-hwe package in xenial is affected and needs fixing.
  • OR linux-meta-azure package in xenial is affected and needs fixing.
  • OR linux-meta-gcp package in xenial is affected and needs fixing.
  • OR linux-meta-hwe package in xenial is affected and needs fixing.
  • OR linux-meta-kvm package in xenial is affected and needs fixing.
  • OR linux-meta-oracle package in xenial is affected and needs fixing.
  • OR linux-meta-raspi2 package in xenial is affected and needs fixing.
  • OR linux-meta-snapdragon package in xenial is affected and needs fixing.
  • OR linux-oem: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'was needs-triage now end-of-life').
  • OR linux-oracle package in xenial is affected and needs fixing.
  • OR linux-raspi2 package in xenial is affected and needs fixing.
  • OR linux-signed package in xenial is affected and needs fixing.
  • OR linux-signed-azure package in xenial is affected and needs fixing.
  • OR linux-signed-gcp package in xenial is affected and needs fixing.
  • OR linux-signed-hwe package in xenial is affected and needs fixing.
  • OR linux-signed-oracle package in xenial is affected and needs fixing.
  • OR linux-snapdragon package in xenial is affected and needs fixing.
    • BACK