{"api_version":"1","generated_at":"2026-04-17T00:18:26+00:00","cve":"CVE-2019-5068","urls":{"html":"https://cve.report/CVE-2019-5068","api":"https://cve.report/api/cve/CVE-2019-5068.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5068","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5068"},"summary":{"title":"CVE-2019-5068","description":"An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.","state":"PUBLIC","assigner":"talos-cna@cisco.com","published_at":"2019-11-05 22:15:00","updated_at":"2022-06-21 19:23:00"},"problem_types":["CWE-732"],"metrics":[],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html","name":"openSUSE-SU-2020:0084","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2020:0084-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"TALOS-2019-0857 ||  Cisco Talos Intelligence Group - Comprehensive Threat Intelligence","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html","name":"[debian-lts-announce] 20191115 [SECURITY] [DLA 1993-1] mesa security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1993-1] mesa security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4271-1/","name":"USN-4271-1","refsource":"UBUNTU","tags":[],"title":"USN-4271-1: Mesa vulnerability | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc","name":"https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc","refsource":"MISC","tags":[],"title":"Call shmget() with permission 0600 instead of 0777 (02c3dad0) · Commits · Mesa / mesa · GitLab","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html","name":"https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html","refsource":"MISC","tags":[],"title":"[Mesa-dev] [PATCH] Call shmget() with permission 0600 instead of 0777","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5068","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5068","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mesa3d","cpe5":"mesa","cpe6":"19.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mesa3d","cpe5":"mesa","cpe6":"19.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"5068","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-5068","qid":"296073","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 24.75.2 Missing (CPUJUL2020)"},{"cve":"CVE-2019-5068","qid":"670259","title":"EulerOS Security Update for mesa (EulerOS-SA-2021-1817)"},{"cve":"CVE-2019-5068","qid":"670866","title":"EulerOS Security Update for mesa (EulerOS-SA-2020-2555)"},{"cve":"CVE-2019-5068","qid":"670930","title":"EulerOS Security Update for mesa (EulerOS-SA-2020-2415)"},{"cve":"CVE-2019-5068","qid":"751143","title":"SUSE Enterprise Linux Security Update for Mesa (SUSE-SU-2021:3117-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-5068","ASSIGNER":"talos-cna@cisco.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Mesa 3D X11 Graphics library","version":{"version_data":[{"version_value":"19.1.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-277: Insecure Inherited Permissions"}]}]},"references":{"reference_data":[{"refsource":"MLIST","name":"[debian-lts-announce] 20191115 [SECURITY] [DLA 1993-1] mesa security update","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0084","url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html"},{"refsource":"UBUNTU","name":"USN-4271-1","url":"https://usn.ubuntu.com/4271-1/"},{"refsource":"MISC","name":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857"},{"refsource":"MISC","name":"https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html","url":"https://lists.freedesktop.org/pipermail/mesa-dev/2019-October/223704.html"},{"refsource":"MISC","name":"https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc","url":"https://gitlab.freedesktop.org/mesa/mesa/-/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc"}]},"description":{"description_data":[{"lang":"eng","value":"An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability."}]},"impact":{"cvss":{"baseScore":5.1,"baseSeverity":"Medium","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","version":"3.0"}}},"nvd":{"publishedDate":"2019-11-05 22:15:00","lastModifiedDate":"2022-06-21 19:23:00","problem_types":["CWE-732"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":2.5},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.6},"severity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mesa3d:mesa:19.1.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5068","Ordinal":"142684","Title":"CVE-2019-5068","CVE":"CVE-2019-5068","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5068","Ordinal":"1","NoteData":"An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"5068","Ordinal":"2","NoteData":"2019-11-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"5068","Ordinal":"3","NoteData":"2020-06-01","Type":"Other","Title":"Modified"}]}}}