| Name | CVE-2019-5068 |
| Description | An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-1993-1, ELA-189-1 |
| Debian Bugs | 944298 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| mesa (PTS) | jessie, jessie (lts) | 10.3.2-1+deb8u2 | fixed |
| stretch | 13.0.6-1 | vulnerable |
| buster | 18.3.6-2+deb10u1 | fixed |
| bullseye | 20.3.5-1 | fixed |
| bookworm | 22.3.6-1+deb12u1 | fixed |
| sid, trixie | 24.2.7-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| mesa | source | wheezy | 3.5.25.3-1+deb7u3 | | ELA-189-1 | |
| mesa | source | jessie | 10.3.2-1+deb8u2 | | DLA-1993-1 | |
| mesa | source | buster | 18.3.6-2+deb10u1 | | | |
| mesa | source | (unstable) | 19.2.6-1 | low | | 944298 |
Notes
[stretch] - mesa <ignored> (Affected code is not built in stretch)
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857
https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html
https://cgit.freedesktop.org/mesa/mesa/commit/?id=02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc