A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
History
No history.
Information
Published : 2019-04-24 16:29
Updated : 2024-02-04 20:20
NVD link : CVE-2019-3882
Mitre link : CVE-2019-3882
CVE.ORG link : CVE-2019-3882
JSON object : View
Products Affected
netapp
- virtual_storage_console_for_vmware_vsphere
- active_iq_unified_manager_for_vmware_vsphere
- snapprotect
- storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere
- hci_management_node
- solidfire
- cn1610
- cn1610_firmware
- vasa_provider_for_clustered_data_ontap
debian
- debian_linux
canonical
- ubuntu_linux
opensuse
- leap
linux
- linux_kernel
fedoraproject
- fedora
CWE
CWE-770
Allocation of Resources Without Limits or Throttling