Home > Vulnerability Database > CVE-2019-12380

Mend.io Vulnerability Database

CVE-2019-12380

Good to know:

Date: May 27, 2019

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

Language: C

Severity Score

5.5

Related Resources (18)

Url: http://www.securityfocus.com/bid/108477

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html

Url: https://usn.ubuntu.com/4439-1/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Url: https://security-tracker.debian.org/tracker/CVE-2019-12380

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12380

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-12380

Url: https://security.netapp.com/advisory/ntap-20190710-0002/

Url: https://access.redhat.com/security/cve/CVE-2019-12380

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

Url: http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/

Url: https://usn.ubuntu.com/4427-1/

Url: https://usn.ubuntu.com/4414-1/

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/

Url: https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e

Url: https://www.mend.io/vulnerability-database/CVE-2019-12380

Severity Score

5.5

Weakness Type (CWE)

Error Handling

CWE-388

Top Fix

Upgrade Version

Upgrade to version v5.2-rc3

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-12380

Good to know:

Date: May 27, 2019

Language: C

Severity Score

Related Resources (18)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?