Vulnerability Monitor

CVE-2019-14835


A buffer overflow flaw was found in Linux kernel versions 2.6.34 through 5.2.x, in the way the kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with an invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.


Published

2019-09-17T16:15:10.980

Last Modified

2024-11-21T04:27:27.790

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-120
  • Type: Secondary
    CWE-120

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Operating System | linux | linux_kernel | < 3.16.74 | Yes
Operating System | linux | linux_kernel | < 4.4.193 | Yes
Operating System | linux | linux_kernel | < 4.9.193 | Yes
Operating System | linux | linux_kernel | < 4.14.144 | Yes
Operating System | linux | linux_kernel | < 4.19.73 | Yes
Operating System | linux | linux_kernel | < 5.2.15 | Yes
Operating System | linux | linux_kernel | 5.3 | Yes
Operating System | canonical | ubuntu_linux | 12.04 | Yes
Operating System | canonical | ubuntu_linux | 14.04 | Yes
Operating System | canonical | ubuntu_linux | 16.04 | Yes
Operating System | canonical | ubuntu_linux | 18.04 | Yes
Operating System | canonical | ubuntu_linux | 19.04 | Yes
Operating System | debian | debian_linux | 8.0 | Yes
Operating System | debian | debian_linux | 9.0 | Yes
Operating System | debian | debian_linux | 10.0 | Yes
Operating System | fedoraproject | fedora | 29 | Yes
Operating System | fedoraproject | fedora | 30 | Yes
Operating System | opensuse | leap | 15.0 | Yes
Operating System | opensuse | leap | 15.1 | Yes
Operating System | netapp | aff_a700s_firmware | - | Yes
Hardware | netapp | aff_a700s | * | No
Operating System | netapp | h410c_firmware | - | Yes
Hardware | netapp | h410c | * | No
Operating System | netapp | h610s_firmware | - | Yes
Hardware | netapp | h610s | * | No
Operating System | netapp | h300s_firmware | - | Yes
Hardware | netapp | h300s | * | No
Operating System | netapp | h500s_firmware | - | Yes
Hardware | netapp | h500s | * | No
Operating System | netapp | h700s_firmware | - | Yes
Hardware | netapp | h700s | * | No
Operating System | netapp | h300e_firmware | - | Yes
Hardware | netapp | h300e | * | No
Operating System | netapp | h500e_firmware | - | Yes
Hardware | netapp | h500e | * | No
Operating System | netapp | h700e_firmware | - | Yes
Hardware | netapp | h700e | * | No
Operating System | netapp | h410s_firmware | - | Yes
Hardware | netapp | h410s | * | No
Application | netapp | data_availability_services | - | Yes
Application | netapp | hci_management_node | - | Yes
Application | netapp | service_processor | - | Yes
Application | netapp | solidfire | - | Yes
Application | netapp | steelstore_cloud_integrated_storage | - | Yes
Application | redhat | openshift_container_platform | 3.11 | Yes
Operating System | redhat | enterprise_linux | 8.0 | Yes
Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes
Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes
Operating System | redhat | enterprise_linux_eus | 7.5 | Yes
Operating System | redhat | enterprise_linux_eus | 7.6 | Yes
Operating System | redhat | enterprise_linux_eus | 7.7 | Yes
Operating System | redhat | enterprise_linux_for_real_time | 7 | Yes
Operating System | redhat | enterprise_linux_for_real_time | 8 | Yes
Operating System | redhat | enterprise_linux_server | 6.0 | Yes
Operating System | redhat | enterprise_linux_server | 7.0 | Yes
Operating System | redhat | enterprise_linux_server | 7.6 | Yes
Operating System | redhat | enterprise_linux_server_aus | 6.5 | Yes
Operating System | redhat | enterprise_linux_server_aus | 6.6 | Yes
Operating System | redhat | enterprise_linux_server_aus | 7.2 | Yes
Operating System | redhat | enterprise_linux_server_aus | 7.3 | Yes
Operating System | redhat | enterprise_linux_server_aus | 7.4 | Yes
Operating System | redhat | enterprise_linux_server_aus | 7.6 | Yes
Operating System | redhat | enterprise_linux_server_aus | 7.7 | Yes
Operating System | redhat | enterprise_linux_server_tus | 7.2 | Yes
Operating System | redhat | enterprise_linux_server_tus | 7.3 | Yes
Operating System | redhat | enterprise_linux_server_tus | 7.4 | Yes
Operating System | redhat | enterprise_linux_server_tus | 7.6 | Yes
Operating System | redhat | enterprise_linux_server_tus | 7.7 | Yes
Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes
Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes
Application | redhat | virtualization | 4.0 | Yes
Application | redhat | virtualization_host | 4.0 | Yes
Operating System | redhat | enterprise_linux | 7.0 | No
Application | huawei | imanager_neteco | v600r009c00 | Yes
Application | huawei | imanager_neteco | v600r009c10spc200 | Yes
Application | huawei | imanager_neteco_6000 | v600r008c10spc300 | Yes
Application | huawei | imanager_neteco_6000 | v600r008c20 | Yes
Application | huawei | manageone | 6.5.0 | Yes
Application | huawei | manageone | 6.5.0.spc100.b210 | Yes
Application | huawei | manageone | 6.5.1rc1.b060 | Yes
Application | huawei | manageone | 6.5.1rc1.b080 | Yes
Application | huawei | manageone | 6.5.rc2.b050 | Yes

References