An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
|
Configuration 18 (hide)
|
History
21 Nov 2024, 04:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html - Mailing List, Third Party Advisory | |
References | () http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html - Third Party Advisory, VDB Entry | |
References | () http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry | |
References | () http://www.openwall.com/lists/oss-security/2019/09/20/1 - Mailing List, Patch, Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3978 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:3979 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:4154 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2019:4256 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2020:0027 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2020:0204 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821 - Issue Tracking, Mitigation, Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ - Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Sep/41 - Issue Tracking, Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20191004-0001/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4157-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4157-2/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4162-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4162-2/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4163-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/4163-2/ - Third Party Advisory | |
References | () https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory |
16 Feb 2024, 18:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ - Mailing List, Third Party Advisory |
02 Jun 2021, 15:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* |
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:7.3:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.4:rc1:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:* |
References | (MLIST) http://www.openwall.com/lists/oss-security/2019/09/20/1 - Mailing List, Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/ - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20191004-0001/ - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2019/dsa-4531 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3309 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0204 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4157-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3517 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:4154 - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Nov/11 - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4162-2/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3978 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4163-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Sep/41 - Issue Tracking, Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:4256 - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/ - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html - Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4157-1/ - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0027 - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4163-2/ - Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4162-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html - Third Party Advisory, VDB Entry | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:3979 - Third Party Advisory |
Information
Published : 2019-09-19 18:15
Updated : 2024-11-21 04:27
NVD link : CVE-2019-14821
Mitre link : CVE-2019-14821
CVE.ORG link : CVE-2019-14821
JSON object : View
Products Affected
oracle
- sd-wan_edge
redhat
- enterprise_linux
- enterprise_linux_for_real_time
- enterprise_linux_server_tus
- enterprise_linux_eus
- virtualization_host
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server
netapp
- h300s
- h300e_firmware
- h700e_firmware
- h500e_firmware
- h700s
- h300e
- h500e
- h500s_firmware
- h500s
- solidfire
- aff_a700s
- h410s_firmware
- h700e
- hci_management_node
- h610s_firmware
- aff_a700s_firmware
- h410s
- h410c
- h410c_firmware
- h300s_firmware
- h610s
- data_availability_services
- h700s_firmware
canonical
- ubuntu_linux
fedoraproject
- fedora
opensuse
- leap
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-787
Out-of-bounds Write