CVE-2019-14615

Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.

Published: 2020-01-17 Last update: 2024-11-21 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2019-14615 is rated Moderate Risk (52.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 4.50%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2019-14615

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-04-01 5.00% 4.50% -0.51%
2 2025-12-28 5.51% 5.00% -0.51%
3 2025-12-27 5.51%

Full EPSS history (22 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2019-14615

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:N)
Service keeps running; no real outage angle.
 1.8 3.6 [email protected]
1.9 2.0 LOW
AV:L/AC:M/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 3.4 2.9 [email protected]

Weakness enumeration for CVE-2019-14615

OS Trackers for CVE-2019-14615

vendor priority summary link
debian not yet assigned CVE-2019-14615 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2019-14615
redhat medium https://access.redhat.com/security/cve/CVE-2019-14615
suse medium CVE-2019-14615 severity moderate: SUSE including 585 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 906 product×package rows across 120 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (120 product lines)): Fixed 710, Known Affected 157, Known Not Affected 39. https://www.suse.com/security/cve/CVE-2019-14615/
ubuntu medium CVE-2019-14615 medium priority: Ubuntu including 112 source packages (linux, linux-aws, …), 1166 status rows across 13 suites (bionic, disco, eoan, focal, groovy, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 823, not-affected 171, released 152, ignored 19, needed 1. https://ubuntu.com/security/CVE-2019-14615

Affected software / configurations for CVE-2019-14615

Vendor Product Version Raw CPE
canonical ubuntu_linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
canonical ubuntu_linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
intel atom_e3805 cpe:2.3:h:intel:atom_e3805:-:*:*:*:*:*:*:*
intel atom_e3815 cpe:2.3:h:intel:atom_e3815:-:*:*:*:*:*:*:*
intel atom_e3825 cpe:2.3:h:intel:atom_e3825:-:*:*:*:*:*:*:*
intel atom_e3826 cpe:2.3:h:intel:atom_e3826:-:*:*:*:*:*:*:*
intel atom_e3827 cpe:2.3:h:intel:atom_e3827:-:*:*:*:*:*:*:*
intel atom_e3845 cpe:2.3:h:intel:atom_e3845:-:*:*:*:*:*:*:*
intel atom_e620 cpe:2.3:h:intel:atom_e620:-:*:*:*:*:*:*:*
intel atom_e620t cpe:2.3:h:intel:atom_e620t:-:*:*:*:*:*:*:*
intel atom_e640 cpe:2.3:h:intel:atom_e640:-:*:*:*:*:*:*:*
intel atom_e640t cpe:2.3:h:intel:atom_e640t:-:*:*:*:*:*:*:*
intel atom_e660 cpe:2.3:h:intel:atom_e660:-:*:*:*:*:*:*:*
intel atom_e660t cpe:2.3:h:intel:atom_e660t:-:*:*:*:*:*:*:*
intel atom_e680 cpe:2.3:h:intel:atom_e680:-:*:*:*:*:*:*:*
intel atom_e680t cpe:2.3:h:intel:atom_e680t:-:*:*:*:*:*:*:*
intel atom_x3-c3130 cpe:2.3:h:intel:atom_x3-c3130:-:*:*:*:*:*:*:*
intel atom_x3-c3200rk cpe:2.3:h:intel:atom_x3-c3200rk:-:*:*:*:*:*:*:*
intel atom_x3-c3230rk cpe:2.3:h:intel:atom_x3-c3230rk:-:*:*:*:*:*:*:*
intel atom_x3-c3405 cpe:2.3:h:intel:atom_x3-c3405:-:*:*:*:*:*:*:*
intel atom_x3-c3445 cpe:2.3:h:intel:atom_x3-c3445:-:*:*:*:*:*:*:*
intel atom_x5-z8300 cpe:2.3:h:intel:atom_x5-z8300:-:*:*:*:*:*:*:*
intel atom_x5-z8330 cpe:2.3:h:intel:atom_x5-z8330:-:*:*:*:*:*:*:*
intel atom_x5-z8500 cpe:2.3:h:intel:atom_x5-z8500:-:*:*:*:*:*:*:*
intel atom_x7-z8700 cpe:2.3:h:intel:atom_x7-z8700:-:*:*:*:*:*:*:*
intel atom_z2420 cpe:2.3:h:intel:atom_z2420:-:*:*:*:*:*:*:*
intel atom_z2460 cpe:2.3:h:intel:atom_z2460:-:*:*:*:*:*:*:*
intel atom_z2480 cpe:2.3:h:intel:atom_z2480:-:*:*:*:*:*:*:*
intel atom_z2520 cpe:2.3:h:intel:atom_z2520:-:*:*:*:*:*:*:*
intel atom_z2560 cpe:2.3:h:intel:atom_z2560:-:*:*:*:*:*:*:*
intel atom_z2580 cpe:2.3:h:intel:atom_z2580:-:*:*:*:*:*:*:*
intel atom_z2760 cpe:2.3:h:intel:atom_z2760:-:*:*:*:*:*:*:*
intel atom_z3460 cpe:2.3:h:intel:atom_z3460:-:*:*:*:*:*:*:*
intel atom_z3480 cpe:2.3:h:intel:atom_z3480:-:*:*:*:*:*:*:*
intel atom_z3530 cpe:2.3:h:intel:atom_z3530:-:*:*:*:*:*:*:*
intel atom_z3560 cpe:2.3:h:intel:atom_z3560:-:*:*:*:*:*:*:*
intel atom_z3570 cpe:2.3:h:intel:atom_z3570:-:*:*:*:*:*:*:*
intel atom_z3580 cpe:2.3:h:intel:atom_z3580:-:*:*:*:*:*:*:*
intel atom_z3590 cpe:2.3:h:intel:atom_z3590:-:*:*:*:*:*:*:*
intel atom_z3735d cpe:2.3:h:intel:atom_z3735d:-:*:*:*:*:*:*:*
intel atom_z3735e cpe:2.3:h:intel:atom_z3735e:-:*:*:*:*:*:*:*
intel atom_z3735f cpe:2.3:h:intel:atom_z3735f:-:*:*:*:*:*:*:*
intel atom_z3735g cpe:2.3:h:intel:atom_z3735g:-:*:*:*:*:*:*:*
intel atom_z3736f cpe:2.3:h:intel:atom_z3736f:-:*:*:*:*:*:*:*
intel atom_z3736g cpe:2.3:h:intel:atom_z3736g:-:*:*:*:*:*:*:*
intel atom_z3740 cpe:2.3:h:intel:atom_z3740:-:*:*:*:*:*:*:*
intel atom_z3740d cpe:2.3:h:intel:atom_z3740d:-:*:*:*:*:*:*:*
intel atom_z3745 cpe:2.3:h:intel:atom_z3745:-:*:*:*:*:*:*:*
intel atom_z3745d cpe:2.3:h:intel:atom_z3745d:-:*:*:*:*:*:*:*
intel atom_z3770 cpe:2.3:h:intel:atom_z3770:-:*:*:*:*:*:*:*
intel atom_z3770d cpe:2.3:h:intel:atom_z3770d:-:*:*:*:*:*:*:*
intel atom_z3775 cpe:2.3:h:intel:atom_z3775:-:*:*:*:*:*:*:*
intel atom_z3775d cpe:2.3:h:intel:atom_z3775d:-:*:*:*:*:*:*:*
intel atom_z3785 cpe:2.3:h:intel:atom_z3785:-:*:*:*:*:*:*:*
intel atom_z3795 cpe:2.3:h:intel:atom_z3795:-:*:*:*:*:*:*:*
intel celeron j4005 cpe:2.3:h:intel:celeron:j4005:*:*:*:*:*:*:*
intel celeron j4105 cpe:2.3:h:intel:celeron:j4105:*:*:*:*:*:*:*
intel celeron n4000 cpe:2.3:h:intel:celeron:n4000:*:*:*:*:*:*:*
intel celeron n4100 cpe:2.3:h:intel:celeron:n4100:*:*:*:*:*:*:*
intel celeron_g3900 cpe:2.3:h:intel:celeron_g3900:-:*:*:*:*:*:*:*
intel celeron_g3930 cpe:2.3:h:intel:celeron_g3930:-:*:*:*:*:*:*:*
intel celeron_g3930t cpe:2.3:h:intel:celeron_g3930t:-:*:*:*:*:*:*:*
intel celeron_g3950 cpe:2.3:h:intel:celeron_g3950:-:*:*:*:*:*:*:*
intel celeron_g4900 cpe:2.3:h:intel:celeron_g4900:-:*:*:*:*:*:*:*
intel celeron_g4900t cpe:2.3:h:intel:celeron_g4900t:-:*:*:*:*:*:*:*
intel celeron_g4920 cpe:2.3:h:intel:celeron_g4920:-:*:*:*:*:*:*:*
intel celeron_g4930 cpe:2.3:h:intel:celeron_g4930:-:*:*:*:*:*:*:*
intel celeron_g4930t cpe:2.3:h:intel:celeron_g4930t:-:*:*:*:*:*:*:*
intel celeron_g4950 cpe:2.3:h:intel:celeron_g4950:-:*:*:*:*:*:*:*
intel celeron_j j1750 cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*
intel celeron_j j1800 cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*
intel celeron_j j1850 cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*
intel celeron_j j1900 cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*
intel celeron_j j3060 cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*
intel celeron_j j3160 cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*
intel celeron_j j3355 cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*
intel celeron_j j3455 cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*
intel celeron_j j4005 cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*

References for CVE-2019-14615

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html
http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html
http://seclists.org/fulldisclosure/2020/Mar/31
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
https://support.apple.com/kb/HT211100
https://usn.ubuntu.com/4253-1/ Third Party Advisory
https://usn.ubuntu.com/4253-2/ Third Party Advisory
https://usn.ubuntu.com/4254-1/ Third Party Advisory
https://usn.ubuntu.com/4254-2/ Third Party Advisory
https://usn.ubuntu.com/4255-1/ Third Party Advisory
https://usn.ubuntu.com/4255-2/ Third Party Advisory
https://usn.ubuntu.com/4284-1/
https://usn.ubuntu.com/4285-1/
https://usn.ubuntu.com/4286-1/
https://usn.ubuntu.com/4286-2/
https://usn.ubuntu.com/4287-1/
https://usn.ubuntu.com/4287-2/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html Vendor Advisory
cvelogic Threat Intelligence