ghsa-5xg6-r8mx-769h
Vulnerability from github
Published
2022-05-24 16:56
Modified
2024-02-16 21:31
Details

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Show details on source website


{
  "affected": [],
  "aliases": [
    "CVE-2019-14821"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-19T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel\u0027s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer \u0027struct kvm_coalesced_mmio\u0027 object, wherein write indices \u0027ring-\u003efirst\u0027 and \u0027ring-\u003elast\u0027 value could be supplied by a host user-space process. An unprivileged host user or process with access to \u0027/dev/kvm\u0027 device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.",
  "id": "GHSA-5xg6-r8mx-769h",
  "modified": "2024-02-16T21:31:30Z",
  "published": "2022-05-24T16:56:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14821"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2019/dsa-4531"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4163-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4163-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4162-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4162-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4157-2"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4157-1"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20191004-0001"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Sep/41"
    },
    {
      "type": "WEB",
      "url": "https://seclists.org/bugtraq/2019/Nov/11"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1746708"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2019-14821"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:2851"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0204"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0027"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:4256"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:4154"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3979"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3978"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3517"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:3309"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/09/20/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.