CVE-2019-0155

Name	CVE-2019-0155
Description	Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1990-1, DSA-4564-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	jessie, jessie (lts)	3.16.84-1	fixed
	stretch (security)	4.9.320-2	fixed
	stretch (lts), stretch	4.9.320-3	fixed
	buster (security), buster, buster (lts)	4.19.316-1	fixed
	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.226-1	fixed
	bookworm	6.1.115-1	fixed
	bookworm (security)	6.1.112-1	fixed
	trixie	6.11.7-1	fixed
	sid	6.11.9-1	fixed
linux-4.9 (PTS)	jessie, jessie (lts)	4.9.303-1~deb8u3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
linux	source	wheezy	(unfixed)	end-of-life
linux	source	jessie	(not affected)
linux	source	stretch	4.9.189-3+deb9u2		DSA-4564-1
linux	source	buster	4.19.67-2+deb10u2		DSA-4564-1
linux	source	(unstable)	5.3.9-2
linux-4.9	source	jessie	4.9.189-3+deb9u2~deb8u1		DLA-1990-1

[jessie] - linux <not-affected> (Driver doesn't support this hardware)