CVE-2019-14821

HIGH

Description

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html

http://www.openwall.com/lists/oss-security/2019/09/20/1

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821

https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/

https://lists.fedoraproject.org/archives/list/[email protected]/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/

https://seclists.org/bugtraq/2019/Sep/41

https://security.netapp.com/advisory/ntap-20191004-0001/

https://usn.ubuntu.com/4157-1/

https://usn.ubuntu.com/4157-2/

https://usn.ubuntu.com/4162-1/

https://usn.ubuntu.com/4162-2/

https://usn.ubuntu.com/4163-1/

https://usn.ubuntu.com/4163-2/

https://www.debian.org/security/2019/dsa-4531

Details

Source: MITRE

Published: 2019-09-19

Updated: 2019-09-24

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

View all (59 total)

IDNameProductFamilySeverity
145665CentOS 8 : kernel (CESA-2019:3517)NessusCentOS Local Security Checks
high
138171RHEL 7 : kernel (RHSA-2020:2851)NessusRed Hat Local Security Checks
high
138011EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)NessusHuawei Local Security Checks
high
134735EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1269)NessusHuawei Local Security Checks
high
134312NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0021)NessusNewStart CGSL Local Security Checks
high
133463Virtuozzo 7 : readykernel-patch (VZA-2019-086)NessusVirtuozzo Local Security Checks
high
133399Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-011)NessusVirtuozzo Local Security Checks
high
133221RHEL 8 : kernel (RHSA-2020:0204)NessusRed Hat Local Security Checks
critical
132925SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)NessusSuSE Local Security Checks
critical
132686RHEL 7 : kpatch-patch (RHSA-2020:0027)NessusRed Hat Local Security Checks
high
132539Photon OS 2.0: Linux PHSA-2019-2.0-0189NessusPhotonOS Local Security Checks
high
132495NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0253)NessusNewStart CGSL Local Security Checks
high
132474NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0247)NessusNewStart CGSL Local Security Checks
high
132404CentOS 6 : kernel (CESA-2019:4256)NessusCentOS Local Security Checks
high
132307Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20191217)NessusScientific Linux Local Security Checks
high
132304Oracle Linux 6 : kernel (ELSA-2019-4256)NessusOracle Linux Local Security Checks
high
132233RHEL 6 : kernel (RHSA-2019:4256)NessusRed Hat Local Security Checks
high
132071SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3295-1)NessusSuSE Local Security Checks
high
131979RHEL 7 : kernel-alt (RHSA-2019:4154)NessusRed Hat Local Security Checks
high
131845EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)NessusHuawei Local Security Checks
critical
131833SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3200-1)NessusSuSE Local Security Checks
high
131832Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)NessusScientific Linux Local Security Checks
high
131571CentOS 7 : kernel (CESA-2019:3979)NessusCentOS Local Security Checks
high
131519Oracle Linux 7 : kernel (ELSA-2019-3979)NessusOracle Linux Local Security Checks
high
131421NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0222)NessusNewStart CGSL Local Security Checks
high
131379RHEL 7 : kernel (RHSA-2019:3979)NessusRed Hat Local Security Checks
high
131378RHEL 7 : kernel-rt (RHSA-2019:3978)NessusRed Hat Local Security Checks
high
131120SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2984-1)NessusSuSE Local Security Checks
critical
130950SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2950-1) (SACK Panic)NessusSuSE Local Security Checks
critical
130949SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2949-1)NessusSuSE Local Security Checks
critical
130751Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)NessusSlackware Local Security Checks
critical
130736EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2274)NessusHuawei Local Security Checks
critical
130663EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2201)NessusHuawei Local Security Checks
critical
130547RHEL 8 : kernel (RHSA-2019:3517)NessusRed Hat Local Security Checks
high
130526RHEL 8 : kernel-rt (RHSA-2019:3309)NessusRed Hat Local Security Checks
high
130452SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2879-1)NessusSuSE Local Security Checks
high
130152Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4163-1)NessusUbuntu Local Security Checks
critical
130151Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4162-1)NessusUbuntu Local Security Checks
critical
130147Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4157-2)NessusUbuntu Local Security Checks
critical
130120Photon OS 3.0: Linux PHSA-2019-3.0-0034NessusPhotonOS Local Security Checks
high
130089SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2710-1)NessusSuSE Local Security Checks
high
130050SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2706-1)NessusSuSE Local Security Checks
high
130003Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4157-1)NessusUbuntu Local Security Checks
critical
129924NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)NessusNewStart CGSL Local Security Checks
high
129845SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2648-1)NessusSuSE Local Security Checks
critical
129841Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4820)NessusOracle Linux Local Security Checks
high
129807openSUSE Security Update : the Linux Kernel (openSUSE-2019-2308)NessusSuSE Local Security Checks
high
129806openSUSE Security Update : the Linux Kernel (openSUSE-2019-2307)NessusSuSE Local Security Checks
high
129512Fedora 29 : kernel / kernel-headers / kernel-tools (2019-a570a92d5a)NessusFedora Local Security Checks
high
129505Debian DLA-1940-1 : linux-4.9 security updateNessusDebian Local Security Checks
high
129440EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2081)NessusHuawei Local Security Checks
high
129407Amazon Linux AMI : kernel (ALAS-2019-1293)NessusAmazon Linux Local Security Checks
high
129392Amazon Linux 2 : kernel (ALAS-2019-1293)NessusAmazon Linux Local Security Checks
high
129361Debian DLA-1930-1 : linux security updateNessusDebian Local Security Checks
critical
129306Debian DSA-4531-1 : linux - security updateNessusDebian Local Security Checks
high
129170Fedora 30 : kernel / kernel-headers (2019-15e141c6a7)NessusFedora Local Security Checks
high
129141Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4800)NessusOracle Linux Local Security Checks
high
129140Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4799)NessusOracle Linux Local Security Checks
high
129137OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0044)NessusOracleVM Local Security Checks
high