What is CVE-2019-12380?

CVE-2019-12380 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2019-12380 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2019-12380?

CVE-2019-12380 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2019-12380?

No patch is currently available for CVE-2019-12380. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2019-12380 actively exploited?

CVE-2019-12380 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2019-12380

Medium

**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.

Package Linux Kernel

Published 2019-05-28

Last modified 2024-11-21

CVSS version 3.0

Patch available

Awaiting data

CVSS 3.0 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-388

CVE-2019-12380 is classified as CWE-388

See CWE-388 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2019-12380 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Lists
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
Securityfocus
http://www.securityfocus.com/bid/108477

Third Party Advisory VDB Entry
Lists
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J36BIJTKEPUOZKJNHQBUZA47RQONUKOI/
Lists
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLGWJKLMTBBB53D5QLS4HOY2EH246WBE/
Security
https://security.netapp.com/advisory/ntap-20190710-0002/
Ubuntu Security
https://usn.ubuntu.com/4414-1/
Ubuntu Security
https://usn.ubuntu.com/4427-1/
Ubuntu Security
https://usn.ubuntu.com/4439-1/
Kernel patch commit
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=4e78921ba4dd0aca1cc89168f45039add4183f8e
Patch

Details

CVE ID CVE-2019-12380

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.0

Published 2019-05-28

Modified 2024-11-21

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2019-12380?

CVE-2019-12380 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2019-12380 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2019-12380?

CVE-2019-12380 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.0). The vector string is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2019-12380?

No patch is currently available for CVE-2019-12380. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2019-12380 actively exploited?

No — CVE-2019-12380 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.