CVE-2019-12881 - i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on

CVE-2019-12881

Summary

i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.15:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04.2:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04.2:*:*:*:lts:*:*:*

CVSS

Base:	4.6 (as of 29-06-2020 - 13:47)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	108873
confirm	https://security.netapp.com/advisory/ntap-20190710-0002/
misc	https://gist.github.com/oxagast/472866fb2c3d439e10499d7141d0a520

Last major update

29-06-2020 - 13:47

Published

18-06-2019 - 23:15

Last modified

29-06-2020 - 13:47