Lucene search

[email protected]NVD:CVE-2019-14821

HistorySep 19, 2019 - 6:15 p.m.

CVE-2019-14821

2019-09-1918:15:10

CWE-787

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel’s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer ‘struct kvm_coalesced_mmio’ object, wherein write indices ‘ring->first’ and ‘ring->last’ value could be supplied by a host user-space process. An unprivileged host user or process with access to ‘/dev/kvm’ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Affected configurations

NVD

Node

linuxlinux_kernelRange2.6.27–3.15.10

linuxlinux_kernelRange3.16–3.16.74

linuxlinux_kernelRange4.4–4.4.194

linuxlinux_kernelRange4.9–4.9.194

linuxlinux_kernelRange4.14–4.14.146

linuxlinux_kernelRange4.19–4.19.75

linuxlinux_kernelRange5.2–5.2.17

linuxlinux_kernelRange5.3–5.3.1

linuxlinux_kernelMatch5.4rc1

Node

redhatvirtualization_hostMatch4.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_for_real_timeMatch7

redhatenterprise_linux_for_real_timeMatch8

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04esm

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch19.04

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

Node

fedoraprojectfedoraMatch29

fedoraprojectfedoraMatch30

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

netappaff_a700sMatch-

AND

netappaff_a700s_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netappdata_availability_servicesMatch-

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

oraclesd-wan_edgeMatch7.3

oraclesd-wan_edgeMatch8.0

oraclesd-wan_edgeMatch8.1

oraclesd-wan_edgeMatch8.2

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

www.openwall.com/lists/oss-security/2019/09/20/1

access.redhat.com/errata/RHSA-2019:3309

access.redhat.com/errata/RHSA-2019:3517

access.redhat.com/errata/RHSA-2019:3978

access.redhat.com/errata/RHSA-2019:3979

access.redhat.com/errata/RHSA-2019:4154

access.redhat.com/errata/RHSA-2019:4256

access.redhat.com/errata/RHSA-2020:0027

access.redhat.com/errata/RHSA-2020:0204

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821

lists.debian.org/debian-lts-announce/2019/09/msg00025.html

lists.debian.org/debian-lts-announce/2019/10/msg00000.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/

seclists.org/bugtraq/2019/Nov/11

seclists.org/bugtraq/2019/Sep/41

security.netapp.com/advisory/ntap-20191004-0001/

usn.ubuntu.com/4157-1/

usn.ubuntu.com/4157-2/

usn.ubuntu.com/4162-1/

usn.ubuntu.com/4162-2/

usn.ubuntu.com/4163-1/

usn.ubuntu.com/4163-2/

www.debian.org/security/2019/dsa-4531

www.oracle.com/security-alerts/cpuapr2020.html

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for NVD:CVE-2019-14821