CVE-2019-11085

Опубликовано: 14 мая 2019

Источник: redhat

CVSS3: 8.8

Описание

Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

A flaw was found in the Linux kernel's implementation of GVT-g which allowed an attacker with access to a 'passed through' Intel i915 graphics card to possibly access resources allocated to other virtual machines, crash the host, or possibly corrupt memory leading to privilege escalation.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-alt	Affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2019:1891	29.07.2019
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2019:1873	29.07.2019
Red Hat Enterprise Linux 7.4 Advanced Update Support	kernel	Fixed	RHSA-2020:0592	25.02.2020
Red Hat Enterprise Linux 7.4 Telco Extended Update Support	kernel	Fixed	RHSA-2020:0592	25.02.2020
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions	kernel	Fixed	RHSA-2020:0592	25.02.2020
Red Hat Enterprise Linux 7.5 Extended Update Support	kernel	Fixed	RHSA-2020:0543	19.02.2020
Red Hat Enterprise Linux 8	kernel-rt	Fixed	RHSA-2019:1971	30.07.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-20->CWE-250

https://bugzilla.redhat.com/show_bug.cgi?id=1710405kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation

8.8 High

CVSS3