CVE-2019-14835

Published: Sep 17, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

Affected (71)

Products: Linux: Linux Kernel · Canonical: Ubuntu Linux · Debian: Debian Linux · +5 more

Show all products

1 product

1 product

1 product

1 product

1 product

15 products

Data Availability Services

Hci Management Node

Service Processor

Solidfire

Steelstore Cloud Integrated Storage

Redhat

11 products

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux For Real Time

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Openshift Container Platform

3 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.34 to 3.16.74
Linux Linux Kernel	From 4.14 to 4.14.144
Linux Linux Kernel	From 4.19 to 4.19.73
Linux Linux Kernel	From 4.4 to 4.4.193
Linux Linux Kernel	From 4.9 to 4.9.193
Linux Linux Kernel	From 5.2 to 5.2.15
Linux Linux Kernel	Version 5.3

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp Aff A700s Firmware	All versions

Running on/with	Platform Versions
Netapp Aff A700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H610s Firmware	All versions

Running on/with	Platform Versions
Netapp H610s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration P

5 vulnerable

Vulnerable Software	Affected Versions
Netapp Data Availability Services	All versions
Netapp Hci Management Node	All versions
Netapp Service Processor	All versions
Netapp Solidfire	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration Q

26 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux For Real Time	Version 7
Redhat Enterprise Linux For Real Time	Version 8
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server	Version 7.6
Redhat Enterprise Linux Server Aus	Version 6.5
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Server Aus	Version 7.2
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.2
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.4
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Openshift Container Platform	Version 3.11

Configuration R

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 4.0
Redhat Virtualization Host	Version 4.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Configuration S

9 vulnerable

Vulnerable Software	Affected Versions
Huawei Imanager Neteco	Version v600r009c00
Huawei Imanager Neteco	Version v600r009c10spc200
Huawei Imanager Neteco 6000	Version v600r008c10spc300
Huawei Imanager Neteco 6000	Version v600r008c20
Huawei Manageone	Version 6.5.0.spc100.b210
Huawei Manageone	Version 6.5.0
Huawei Manageone	Version 6.5.1rc1.b060
Huawei Manageone	Version 6.5.1rc1.b080
Huawei Manageone	Version 6.5.rc2.b050

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (80)

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/09/24/1

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2019/10/03/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/10/09/3

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2019/10/09/7

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHBA-2019:2824

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2827

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2828

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2829

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2830

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2854

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2862

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2863

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2864

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2865

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2866

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2867

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2869

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2889

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2899

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2900

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2901

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2924

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/

Source: secalert@redhat.com

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/

Source: secalert@redhat.com

Mailing List

https://seclists.org/bugtraq/2019/Nov/11

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

https://seclists.org/bugtraq/2019/Sep/41

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20191031-0005/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4135-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/4135-2/

Source: secalert@redhat.com

Third Party Advisory

https://www.debian.org/security/2019/dsa-4531

Source: secalert@redhat.com

Third Party Advisory

https://www.openwall.com/lists/oss-security/2019/09/17/1

Source: secalert@redhat.com

ExploitMailing ListPatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html