CVE-2019-5068

NameCVE-2019-5068
DescriptionAn exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1993-1, ELA-189-1
Debian Bugs944298

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mesa (PTS)jessie, jessie (lts)10.3.2-1+deb8u2fixed
stretch13.0.6-1vulnerable
buster18.3.6-2+deb10u1fixed
bullseye20.3.5-1fixed
bookworm22.3.6-1+deb12u1fixed
trixie23.3.5-1fixed
sid24.0.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mesasourcewheezy3.5.25.3-1+deb7u3ELA-189-1
mesasourcejessie10.3.2-1+deb8u2DLA-1993-1
mesasourcebuster18.3.6-2+deb10u1
mesasource(unstable)19.2.6-1low944298

Notes

[stretch] - mesa <ignored> (Affected code is not built in stretch)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc

Search for package or bug name: Reporting problems