CVE-2019-14821

Published: Sep 19, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 2.0 / Impact: 6.0

Source: NVD

Description

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Affected (50)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux For Real Time, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Enterprise Linux Workstation, Virtualization Host · Canonical: Ubuntu Linux · +5 more

Show all products

1 product

9 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Real Time

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

1 product

1 product

1 product

1 product

13 products

Data Availability Services

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.27 to 3.15.10
Linux Linux Kernel	From 3.16 to 3.16.74
Linux Linux Kernel	From 4.14 to 4.14.146
Linux Linux Kernel	From 4.19 to 4.19.75
Linux Linux Kernel	From 4.4 to 4.4.194
Linux Linux Kernel	From 4.9 to 4.9.194
Linux Linux Kernel	From 5.2 to 5.2.17
Linux Linux Kernel	From 5.3 to 5.3.1
Linux Linux Kernel	Version 5.4 rc1

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux For Real Time	Version 7
Redhat Enterprise Linux For Real Time	Version 8
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Virtualization Host	Version 4.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration F

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A700s Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A700s	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration Q

3 vulnerable

Vulnerable Software	Affected Versions
Netapp Data Availability Services	All versions
Netapp Hci Management Node	All versions
Netapp Solidfire	All versions

Configuration R

4 vulnerable

Vulnerable Software	Affected Versions
Oracle Sd Wan Edge	Version 7.3
Oracle Sd Wan Edge	Version 8.0
Oracle Sd Wan Edge	Version 8.1
Oracle Sd Wan Edge	Version 8.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (58)

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.openwall.com/lists/oss-security/2019/09/20/1

Source: secalert@redhat.com

Mailing ListPatchThird Party Advisory

https://access.redhat.com/errata/RHSA-2019:3309

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3517

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3978

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:3979

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4154

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:4256

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0027

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2020:0204

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821

Source: secalert@redhat.com

Issue TrackingMitigationPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Nov/11

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Sep/41

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191004-0001/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4157-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4157-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4162-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4162-2/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4163-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4163-2/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4531

Source: secalert@redhat.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html