CVE-2019-12380
low-risk
Published 2019-05-28
**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because βAll the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.β.
Do I need to act?
-
0.04% chance of exploitation
EPSS score β low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (22)
Third Party Advisory
http://www.securityfocus.com/bid/108477
Third Party Advisory
http://www.securityfocus.com/bid/108477
and 2 more references
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal