CVE-2019-7221

high

Description

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

References

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html

http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html

http://www.openwall.com/lists/oss-security/2019/02/18/2

https://access.redhat.com/errata/RHBA-2019:0959

https://access.redhat.com/errata/RHSA-2019:0818

https://access.redhat.com/errata/RHSA-2019:0833

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2019:4058

https://bugs.chromium.org/p/project-zero/issues/detail?id=1760

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f

https://github.com/torvalds/linux/commits/master/arch/x86/kvm

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/

https://security.netapp.com/advisory/ntap-20190404-0002/

https://support.f5.com/csp/article/K08413011

https://usn.ubuntu.com/3930-1/

https://usn.ubuntu.com/3930-2/

https://usn.ubuntu.com/3931-1/

https://usn.ubuntu.com/3931-2/

https://usn.ubuntu.com/3932-1/

https://usn.ubuntu.com/3932-2/

Details

Source: MITRE

Published: 2019-03-21

Updated: 2020-10-15

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 149098 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808) | Nessus | Huawei Local Security Checks | high |
| 141374 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044) | Nessus | OracleVM Local Security Checks | critical |
| 141207 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866) | Nessus | Oracle Linux Local Security Checks | critical |
| 133455 | Virtuozzo 7 : readykernel-patch (VZA-2019-046) | Nessus | Virtuozzo Local Security Checks | high |
| 133454 | Virtuozzo 7 : readykernel-patch (VZA-2019-045) | Nessus | Virtuozzo Local Security Checks | high |
| 133453 | Virtuozzo 7 : readykernel-patch (VZA-2019-042) | Nessus | Virtuozzo Local Security Checks | high |
| 131675 | RHEL 7 : kernel (RHSA-2019:4058) | Nessus | Red Hat Local Security Checks | high |
| 131375 | RHEL 7 : kernel (RHSA-2019:3967) | Nessus | Red Hat Local Security Checks | high |
| 127302 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086) | Nessus | NewStart CGSL Local Security Checks | high |
| 127301 | NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0085) | Nessus | NewStart CGSL Local Security Checks | high |
| 127285 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0077) | Nessus | NewStart CGSL Local Security Checks | high |
| 127283 | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0076) | Nessus | NewStart CGSL Local Security Checks | high |
| 126031 | Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness) | Nessus | Slackware Local Security Checks | high |
| 125283 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Nessus | SuSE Local Security Checks | high |
| 124978 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1525) | Nessus | Huawei Local Security Checks | high |
| 124953 | EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450) | Nessus | Huawei Local Security Checks | high |
| 124748 | EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1370) | Nessus | Huawei Local Security Checks | high |
| 124595 | Debian DLA-1771-1 : linux-4.9 security update | Nessus | Debian Local Security Checks | medium |
| 124416 | CentOS 7 : kernel (CESA-2019:0818) | Nessus | CentOS Local Security Checks | high |
| 124398 | EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1302) | Nessus | Huawei Local Security Checks | high |
| 124290 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20190423) | Nessus | Scientific Linux Local Security Checks | high |
| 124259 | RHEL 7 : kernel-rt (RHSA-2019:0833) | Nessus | Red Hat Local Security Checks | high |
| 124256 | RHEL 7 : kernel (RHSA-2019:0818) | Nessus | Red Hat Local Security Checks | high |
| 124254 | Oracle Linux 7 : kernel (ELSA-2019-0818) | Nessus | Oracle Linux Local Security Checks | high |
| 124048 | Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612) | Nessus | Oracle Linux Local Security Checks | high |
| 123927 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1) | Nessus | SuSE Local Security Checks | high |
| 123681 | Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2) | Nessus | Ubuntu Local Security Checks | medium |
| 123680 | Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1) | Nessus | Ubuntu Local Security Checks | medium |
| 123679 | Ubuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle (USN-3931-2) | Nessus | Ubuntu Local Security Checks | high |
| 123678 | Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1) | Nessus | Ubuntu Local Security Checks | high |
| 123677 | Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2) | Nessus | Ubuntu Local Security Checks | high |
| 123676 | Ubuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1) | Nessus | Ubuntu Local Security Checks | high |
| 123635 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1) | Nessus | SuSE Local Security Checks | high |
| 123496 | SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1) | Nessus | SuSE Local Security Checks | high |
| 123445 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1) | Nessus | SuSE Local Security Checks | high |
| 123420 | Debian DLA-1731-2 : linux regression update (Spectre) | Nessus | Debian Local Security Checks | medium |
| 123413 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre) | Nessus | SuSE Local Security Checks | high |
| 123125 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0722-1) | Nessus | SuSE Local Security Checks | high |
| 123066 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0709-1) | Nessus | SuSE Local Security Checks | high |
| 123061 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0683-1) | Nessus | SuSE Local Security Checks | high |
| 123000 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0672-1) | Nessus | SuSE Local Security Checks | high |
| 122969 | SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0645-1) | Nessus | SuSE Local Security Checks | high |
| 122699 | EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076) | Nessus | Huawei Local Security Checks | high |
| 122671 | Amazon Linux 2 : kernel (ALAS-2019-1165) | Nessus | Amazon Linux Local Security Checks | high |
| 122609 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1) | Nessus | SuSE Local Security Checks | high |
| 122602 | Amazon Linux AMI : kernel (ALAS-2019-1165) | Nessus | Amazon Linux Local Security Checks | high |
| 122578 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-274) | Nessus | SuSE Local Security Checks | high |
| 122303 | openSUSE Security Update : the Linux Kernel (openSUSE-2019-203) | Nessus | SuSE Local Security Checks | high |
| 122278 | Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61) | Nessus | Fedora Local Security Checks | high |
| 122275 | Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f) | Nessus | Fedora Local Security Checks | high |