CVE-2019-11085

{"id": "CVE-2019-11085", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-05-17T16:29:03.063", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html", "source": "secure@intel.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html", "source": "secure@intel.com"}, {"url": "http://www.securityfocus.com/bid/108488", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1873", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1891", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1959", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1971", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0543", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0592", "source": "secure@intel.com"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0609", "source": "secure@intel.com"}, {"url": "https://support.f5.com/csp/article/K09376613", "tags": ["Third Party Advisory"], "source": "secure@intel.com"}, {"url": "https://usn.ubuntu.com/4068-1/", "source": "secure@intel.com"}, {"url": "https://usn.ubuntu.com/4068-2/", "source": "secure@intel.com"}, {"url": "https://usn.ubuntu.com/4118-1/", "source": "secure@intel.com"}, {"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00249.html", "tags": ["Vendor Advisory", "Patch"], "source": "secure@intel.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access."}, {"lang": "es", "value": "La validaci\u00f3n de entrada insuficiente en Kernel Mode Driver en Intel (R) i915 Graphics para Linux antes de la versi\u00f3n 5.0 puede permitir que un usuario autentificado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."}], "lastModified": "2019-05-31T12:29:01.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:intel:i915_firmware:*:*:*:*:*:linux:*:*", "vulnerable": true, "matchCriteriaId": "BFD3F7D4-C67B-4D95-AD94-9111D02720A9", "versionEndExcluding": "5.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:i915:-:*:*:*:*:linux:*:*", "vulnerable": false, "matchCriteriaId": "DC0D3093-7D64-4ADA-A117-987AE9074F3F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@intel.com"}