CVSS3: 4.7 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.7 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.0004 Low (Percentile: 11.7%)

DISPUTED drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel
5.2.14 does not check the alloc_workqueue return value, leading to a NULL
pointer dereference. NOTE: A third-party software maintainer states that
the work queue allocation is happening during device initialization, which
for a graphics card occurs during boot. It is not attacker controllable and
OOM at that time is highly unlikely.
Author | Note |
---|---|
sbeattie | This issue will not be addressed by upstream, and has been disputed because work queue allocation happens during device initialization and causing it to fail is unlikely to be attacker controllable. Because of this, Canonical will not be addressing this issue, either. |
sbeattie | the linux-kernel-tracker lists 81de29d842ccb776c0f77aa3e2b11b07fff0c0e2 as the fix, but that is actually the fix for CVE-2019-16229 |