Vulnerability-Lookup

CVE-2019-18844 (GCVE-0-2019-18844)

Vulnerability from cvelistv5 – Published: 2019-11-13 19:12 – Updated: 2024-08-05 02:02

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/shuox/acrn-hypervisor/commit/9…	x_refsource_MISC
	https://github.com/projectacrn/acrn-hypervisor/is…	x_refsource_MISC
	https://github.com/projectacrn/acrn-hypervisor/co…	x_refsource_MISC
	https://github.com/projectacrn/acrn-hypervisor/co…	x_refsource_MISC
	https://github.com/projectacrn/acrn-hypervisor/co…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:02:39.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-22T05:03:03.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18844",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc",
              "refsource": "MISC",
              "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
              "refsource": "MISC",
              "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
              "refsource": "MISC",
              "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p",
              "refsource": "MISC",
              "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535",
              "refsource": "MISC",
              "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18844",
    "datePublished": "2019-11-13T19:12:37.000Z",
    "dateReserved": "2019-11-09T00:00:00.000Z",
    "dateUpdated": "2024-08-05T02:02:39.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-18844",
      "date": "2026-05-09",
      "epss": "0.00537",
      "percentile": "0.67649"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2019w25.5-140000p\", \"matchCriteriaId\": \"230540A5-B9A3-4A5E-9DB3-0AE1785537E4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.\"}, {\"lang\": \"es\", \"value\": \"El modelo de dispositivo en ACRN antes de 2019w25.5-140000p se basa en llamadas de afirmaci\\u00f3n en devicemodel / hw / pci / core.c y devicemodel / include / pci_core.h (en lugar de otros mecanismos para propagar informaci\\u00f3n de error o informaci\\u00f3n de diagn\\u00f3stico), lo que podr\\u00eda permitir atacantes para causar una denegaci\\u00f3n de servicio (falla de aserci\\u00f3n) dentro de pci core. Esto se soluciona en 1.2. 6199e653418e es una mitigaci\\u00f3n para las versiones anteriores a la versi\\u00f3n 1.1, mientras que 2b3dedfb9ba1 es una mitigaci\\u00f3n para 1.1.\"}]",
      "id": "CVE-2019-18844",
      "lastModified": "2024-11-21T04:33:41.810",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-11-13T20:15:11.020",
      "references": "[{\"url\": \"https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/issues/3252\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/projectacrn/acrn-hypervisor/issues/3252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-617\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-18844\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-11-13T20:15:11.020\",\"lastModified\":\"2024-11-21T04:33:41.810\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.\"},{\"lang\":\"es\",\"value\":\"El modelo de dispositivo en ACRN antes de 2019w25.5-140000p se basa en llamadas de afirmaci\u00f3n en devicemodel / hw / pci / core.c y devicemodel / include / pci_core.h (en lugar de otros mecanismos para propagar informaci\u00f3n de error o informaci\u00f3n de diagn\u00f3stico), lo que podr\u00eda permitir atacantes para causar una denegaci\u00f3n de servicio (falla de aserci\u00f3n) dentro de pci core. Esto se soluciona en 1.2. 6199e653418e es una mitigaci\u00f3n para las versiones anteriores a la versi\u00f3n 1.1, mientras que 2b3dedfb9ba1 es una mitigaci\u00f3n para 1.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2019w25.5-140000p\",\"matchCriteriaId\":\"230540A5-B9A3-4A5E-9DB3-0AE1785537E4\"}]}]}],\"references\":[{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/issues/3252\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/projectacrn/acrn-hypervisor/issues/3252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2020-22865

Vulnerability from cnvd - Published: 2020-04-14

Title

ACRN拒绝服务漏洞

Description

ACRN是一款用于物联网的开源虚拟机监视器。 ACRN 2019w25.5-140000p之前版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务（断言失败）。

Severity

高

Patch Name

ACRN拒绝服务漏洞的补丁

Patch Description

ACRN是一款用于物联网的开源虚拟机监视器。 ACRN 2019w25.5-140000p之前版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务（断言失败）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-18844

Impacted products

Name
Linux ACRN <2019w25.5-140000p

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18844",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-18844"
    }
  },
  "description": "ACRN\u662f\u4e00\u6b3e\u7528\u4e8e\u7269\u8054\u7f51\u7684\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u3002\n\nACRN 2019w25.5-140000p\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65ad\u8a00\u5931\u8d25\uff09\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22865",
  "openTime": "2020-04-14",
  "patchDescription": "ACRN\u662f\u4e00\u6b3e\u7528\u4e8e\u7269\u8054\u7f51\u7684\u5f00\u6e90\u865a\u62df\u673a\u76d1\u89c6\u5668\u3002\r\n\r\nACRN 2019w25.5-140000p\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u65ad\u8a00\u5931\u8d25\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ACRN\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux ACRN \u003c2019w25.5-140000p"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-18844",
  "serverity": "\u9ad8",
  "submitTime": "2019-12-12",
  "title": "ACRN\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GSD-2019-18844

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-18844

Aliases

CVE-2019-18844

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-18844",
    "description": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.",
    "id": "GSD-2019-18844"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-18844"
      ],
      "details": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.",
      "id": "GSD-2019-18844",
      "modified": "2023-12-13T01:23:50.218525Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-18844",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc",
            "refsource": "MISC",
            "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
          },
          {
            "name": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
            "refsource": "MISC",
            "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
          },
          {
            "name": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
            "refsource": "MISC",
            "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
          },
          {
            "name": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p",
            "refsource": "MISC",
            "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
          },
          {
            "name": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535",
            "refsource": "MISC",
            "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019w25.5-140000p",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18844"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-617"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/issues/3252",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
            },
            {
              "name": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
            },
            {
              "name": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-11-09T21:46Z",
      "publishedDate": "2019-11-13T20:15Z"
    }
  }
}

FKIE_CVE-2019-18844

Vulnerability from fkie_nvd - Published: 2019-11-13 20:15 - Updated: 2024-11-21 04:33

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa	Patch, Third Party Advisory
cve@mitre.org	https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535	Patch, Third Party Advisory
cve@mitre.org	https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p	Third Party Advisory
cve@mitre.org	https://github.com/projectacrn/acrn-hypervisor/issues/3252	Third Party Advisory
cve@mitre.org	https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/projectacrn/acrn-hypervisor/issues/3252	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc	Third Party Advisory

Impacted products

	Vendor	Product	Version
	linux	acrn	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "230540A5-B9A3-4A5E-9DB3-0AE1785537E4",
              "versionEndExcluding": "2019w25.5-140000p",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."
    },
    {
      "lang": "es",
      "value": "El modelo de dispositivo en ACRN antes de 2019w25.5-140000p se basa en llamadas de afirmaci\u00f3n en devicemodel / hw / pci / core.c y devicemodel / include / pci_core.h (en lugar de otros mecanismos para propagar informaci\u00f3n de error o informaci\u00f3n de diagn\u00f3stico), lo que podr\u00eda permitir atacantes para causar una denegaci\u00f3n de servicio (falla de aserci\u00f3n) dentro de pci core. Esto se soluciona en 1.2. 6199e653418e es una mitigaci\u00f3n para las versiones anteriores a la versi\u00f3n 1.1, mientras que 2b3dedfb9ba1 es una mitigaci\u00f3n para 1.1."
    }
  ],
  "id": "CVE-2019-18844",
  "lastModified": "2024-11-21T04:33:41.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-13T20:15:11.020",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3RH5-9P47-7947

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2022-05-24 17:00

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-18844"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-13T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core.",
  "id": "GHSA-3rh5-9p47-7947",
  "modified": "2022-05-24T17:00:48Z",
  "published": "2022-05-24T17:00:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18844"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
    },
    {
      "type": "WEB",
      "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201911-0634

Vulnerability from variot - Updated: 2023-12-18 12:35

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1. ACRN Contains a vulnerability with reachable assertions.Service operation interruption (DoS) There is a possibility of being put into a state. ACRN is an open source virtual machine monitor for the Internet of Things. There are security vulnerabilities in the previous version of ACRN 2019w25.5-140000p. An attacker can use this vulnerability to cause a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0634",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "acrn",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "linux",
        "version": "2019w25.5-140000p"
      },
      {
        "model": "project acrn embedded hypervisor",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "acrn",
        "version": "2019w25.5-140000p"
      },
      {
        "model": "acrn \u003c2019w25.5-140000p",
        "scope": null,
        "trust": 0.6,
        "vendor": "linux",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2019w25.5-140000p",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      }
    ]
  },
  "cve": "CVE-2019-18844",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-18844",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2020-22865",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-18844",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-18844",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-22865",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-754",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1. ACRN Contains a vulnerability with reachable assertions.Service operation interruption (DoS) There is a possibility of being put into a state. ACRN is an open source virtual machine monitor for the Internet of Things. \nThere are security vulnerabilities in the previous version of ACRN 2019w25.5-140000p. An attacker can use this vulnerability to cause a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-18844",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "id": "VAR-201911-0634",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      }
    ],
    "trust": 1.428947365
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:35:55.006000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "dm: pci: clean up assert() in pci core (projectacrn)",
        "trust": 0.8,
        "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
      },
      {
        "title": "dm: validate the input in \u0027pci_emul_mem_handler()\u0027",
        "trust": 0.8,
        "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
      },
      {
        "title": "Comparing changes",
        "trust": 0.8,
        "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
      },
      {
        "title": "Assert usages issue in device model from KW work. #3252",
        "trust": 0.8,
        "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
      },
      {
        "title": "dm: pci: clean up assert() in pci core (shuox)",
        "trust": 0.8,
        "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
      },
      {
        "title": "Patch for ACRN Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/213823"
      },
      {
        "title": "ACRN Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103334"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-617",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18844"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252"
      },
      {
        "trust": 1.6,
        "url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18844"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "date": "2019-11-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "date": "2019-11-13T20:15:11.020000",
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "date": "2019-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-22865"
      },
      {
        "date": "2019-11-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      },
      {
        "date": "2020-11-09T21:46:29.847000",
        "db": "NVD",
        "id": "CVE-2019-18844"
      },
      {
        "date": "2020-11-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ACRN Reachable vulnerability in reachable",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-012159"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-754"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-18844 (GCVE-0-2019-18844)

CNVD-2020-22865

GSD-2019-18844

FKIE_CVE-2019-18844

GHSA-3RH5-9P47-7947

VAR-201911-0634

Tags

Sightings

Nomenclature