{"api_version":"1","generated_at":"2026-04-23T04:10:38+00:00","cve":"CVE-2019-12380","urls":{"html":"https://cve.report/CVE-2019-12380","api":"https://cve.report/api/cve/CVE-2019-12380.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-12380","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-12380"},"summary":{"title":"CVE-2019-12380","description":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-05-28 03:29:00","updated_at":"2023-11-07 03:03:00"},"problem_types":["CWE-388"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/","name":"FEDORA-2019-7ec378191e","refsource":"","tags":[],"title":"[SECURITY] Fedora 29 Update: kernel-headers-5.1.6-200.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html","name":"openSUSE-SU-2019:1570","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1570-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e","name":"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e","refsource":"MISC","tags":["Mailing List","Patch","Vendor Advisory"],"title":"kernel/git/tip/tip.git - Unnamed repository; edit this file 'description' to name the repository.","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/","name":"FEDORA-2019-f40bd7826f","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: kernel-headers-5.1.7-300.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190710-0002/","name":"https://security.netapp.com/advisory/ntap-20190710-0002/","refsource":"CONFIRM","tags":[],"title":"June 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/108477","name":"108477","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Linux Kernel CVE-2019-12380 Multiple Denial of Service Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/","name":"FEDORA-2019-f40bd7826f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 30 Update: kernel-headers-5.1.7-300.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4439-1/","name":"USN-4439-1","refsource":"UBUNTU","tags":[],"title":"USN-4439-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/","name":"FEDORA-2019-7ec378191e","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 29 Update: kernel-headers-5.1.6-200.fc29 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4427-1/","name":"USN-4427-1","refsource":"UBUNTU","tags":[],"title":"USN-4427-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html","name":"openSUSE-SU-2019:1579","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1579-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html","name":"openSUSE-SU-2019:1571","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1571-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4414-1/","name":"USN-4414-1","refsource":"UBUNTU","tags":[],"title":"USN-4414-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-12380","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12380","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"12380","vulnerable":"1","versionEndIncluding":"5.1.5","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-12380","qid":"376882","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2019:0121)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-12380","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e","refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e"},{"refsource":"BID","name":"108477","url":"http://www.securityfocus.com/bid/108477"},{"refsource":"FEDORA","name":"FEDORA-2019-7ec378191e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/"},{"refsource":"FEDORA","name":"FEDORA-2019-f40bd7826f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1570","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1571","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1579","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190710-0002/","url":"https://security.netapp.com/advisory/ntap-20190710-0002/"},{"refsource":"UBUNTU","name":"USN-4427-1","url":"https://usn.ubuntu.com/4427-1/"},{"refsource":"UBUNTU","name":"USN-4414-1","url":"https://usn.ubuntu.com/4414-1/"},{"refsource":"UBUNTU","name":"USN-4439-1","url":"https://usn.ubuntu.com/4439-1/"}]}},"nvd":{"publishedDate":"2019-05-28 03:29:00","lastModifiedDate":"2023-11-07 03:03:00","problem_types":["CWE-388"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"5.1.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"12380","Ordinal":"150717","Title":"CVE-2019-12380","CVE":"CVE-2019-12380","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"12380","Ordinal":"1","NoteData":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"12380","Ordinal":"2","NoteData":"2019-05-27","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"12380","Ordinal":"3","NoteData":"2020-08-03","Type":"Other","Title":"Modified"}]}}}