{ "threat_severity" : "Important", "public_date" : "2019-05-14T00:00:00Z", "bugzilla" : { "description" : "kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation", "id" : "1710405", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1710405" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-20->CWE-250", "details" : [ "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.", "A flaw was found in the Linux kernel's implementation of GVT-g which allowed an attacker with access to a 'passed through' Intel i915 graphics card to possibly access resources allocated to other virtual machines, crash the host, or possibly corrupt memory leading to privilege escalation." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-07-29T00:00:00Z", "advisory" : "RHSA-2019:1891", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-957.27.2.rt56.940.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-07-29T00:00:00Z", "advisory" : "RHSA-2019:1873", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-957.27.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHSA-2020:0592", "cpe" : "cpe:/o:redhat:rhel_aus:7.4", "package" : "kernel-0:3.10.0-693.64.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHSA-2020:0592", "cpe" : "cpe:/o:redhat:rhel_tus:7.4", "package" : "kernel-0:3.10.0-693.64.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date" : "2020-02-25T00:00:00Z", "advisory" : "RHSA-2020:0592", "cpe" : "cpe:/o:redhat:rhel_e4s:7.4", "package" : "kernel-0:3.10.0-693.64.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date" : "2020-02-19T00:00:00Z", "advisory" : "RHSA-2020:0543", "cpe" : "cpe:/o:redhat:rhel_eus:7.5", "package" : "kernel-0:3.10.0-862.48.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-07-30T00:00:00Z", "advisory" : "RHSA-2019:1971", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-80.7.1.rt9.153.el8_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-07-30T00:00:00Z", "advisory" : "RHSA-2019:1959", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-80.7.1.el8_0" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2020-02-26T00:00:00Z", "advisory" : "RHSA-2020:0609", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-1:3.10.0-693.64.1.rt56.662.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "kernel-alt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-11085\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11085\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html" ], "name" : "CVE-2019-11085", "csaw" : false }