Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2019-14821First vendor Publication2019-09-19
VendorCveLast vendor Modification2019-09-23

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score7.2Attack RangeLocal
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score3.9AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821

CWE : Common Weakness Enumeration

%idName
100 %CWE-787Out-of-bounds Write (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Os3316
Os4

Sources (Detail)

SourceUrl
BUGTRAQ https://seclists.org/bugtraq/2019/Sep/41
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
https://security.netapp.com/advisory/ntap-20191004-0001/
DEBIAN https://www.debian.org/security/2019/dsa-4531
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MLIST http://www.openwall.com/lists/oss-security/2019/09/20/1
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
DateInformations
2019-10-11 12:08:03
  • Multiple Updates
2019-10-05 12:11:09
  • Multiple Updates
2019-10-02 12:01:33
  • Multiple Updates
2019-10-01 21:19:14
  • Multiple Updates
2019-09-25 17:19:38
  • Multiple Updates
2019-09-24 17:19:23
  • Multiple Updates
2019-09-20 17:19:24
  • Multiple Updates
2019-09-20 00:19:30
  • First insertion