High severity7.8NVD Advisory· Published Dec 5, 2019· Updated Jun 17, 2026
CVE-2019-19520
CVE-2019-19520
Description
xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: =6.6
Patches
Vulnerability mechanics
References
7- www.openwall.com/lists/oss-security/2019/12/04/5nvdExploitMailing ListThird Party Advisory
- seclists.org/bugtraq/2019/Dec/8nvdExploitMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2019/12/04/5nvdExploitMailing ListThird Party Advisory
- packetstormsecurity.com/files/155572/Qualys-Security-Advisory-OpenBSD-Authentication-Bypass-Privilege-Escalation.htmlnvdThird Party Advisory
- seclists.org/fulldisclosure/2019/Dec/14nvdThird Party Advisory
- www.openbsd.org/errata66.htmlnvdVendor Advisory
- www.openwall.com/lists/oss-security/2019/12/04/6nvdMailing List
News mentions
0No linked articles in our index yet.