CVE-2019-7222

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

References

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html

http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html

http://www.openwall.com/lists/oss-security/2019/02/18/2

http://www.securityfocus.com/bid/106963

https://access.redhat.com/errata/RHSA-2019:2029

https://access.redhat.com/errata/RHSA-2019:2043

https://access.redhat.com/errata/RHSA-2019:3309

https://access.redhat.com/errata/RHSA-2019:3517

https://bugs.chromium.org/p/project-zero/issues/detail?id=1759

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=353c0956a618a07ba4bbe7ad00ff29fe70e8412a

https://github.com/torvalds/linux/commits/master/arch/x86/kvm

https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/

https://lists.fedoraproject.org/archives/list/[email protected]/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/

https://security.netapp.com/advisory/ntap-20190404-0002/

https://usn.ubuntu.com/3930-1/

https://usn.ubuntu.com/3930-2/

https://usn.ubuntu.com/3931-1/

https://usn.ubuntu.com/3931-2/

https://usn.ubuntu.com/3932-1/

https://usn.ubuntu.com/3932-2/

https://usn.ubuntu.com/3933-1/

https://usn.ubuntu.com/3933-2/

Details

Source: MITRE

Published: 2019-03-21

Updated: 2020-08-24

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (41 total)

IDNameProductFamilySeverity
145665CentOS 8 : kernel (CESA-2019:3517)NessusCentOS Local Security Checks
critical
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141207Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)NessusOracle Linux Local Security Checks
critical
130547RHEL 8 : kernel (RHSA-2019:3517)NessusRed Hat Local Security Checks
critical
130526RHEL 8 : kernel-rt (RHSA-2019:3309)NessusRed Hat Local Security Checks
critical
128651CentOS 7 : kernel (CESA-2019:2029)NessusCentOS Local Security Checks
medium
128226Scientific Linux Security Update : kernel on SL7.x x86_64 (20190806)NessusScientific Linux Local Security Checks
medium
127655RHEL 7 : kernel-rt (RHSA-2019:2043)NessusRed Hat Local Security Checks
medium
127650RHEL 7 : kernel (RHSA-2019:2029)NessusRed Hat Local Security Checks
medium
127564EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)NessusHuawei Local Security Checks
high
127302NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0086)NessusNewStart CGSL Local Security Checks
high
126031Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)NessusSlackware Local Security Checks
high
125514EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1587)NessusHuawei Local Security Checks
high
125283SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1289-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)NessusSuSE Local Security Checks
high
124979EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)NessusHuawei Local Security Checks
high
124953EulerOS Virtualization 3.0.1.0 : kvm (EulerOS-SA-2019-1450)NessusHuawei Local Security Checks
high
124747EulerOS Virtualization 2.5.3 : kvm (EulerOS-SA-2019-1369)NessusHuawei Local Security Checks
medium
124595Debian DLA-1771-1 : linux-4.9 security updateNessusDebian Local Security Checks
medium
124048Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4612)NessusOracle Linux Local Security Checks
high
123927SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0901-1)NessusSuSE Local Security Checks
high
123682Ubuntu 14.04 LTS : linux vulnerabilities (USN-3933-1)NessusUbuntu Local Security Checks
high
123681Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3932-2)NessusUbuntu Local Security Checks
medium
123680Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3932-1)NessusUbuntu Local Security Checks
medium
123679Ubuntu 14.04 LTS / 16.04 LTS : linux-hwe, linux-aws-hwe, linux-azure, linux-gcp, linux-oracle (USN-3931-2)NessusUbuntu Local Security Checks
high
123678Ubuntu 18.04 LTS : linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle, (USN-3931-1)NessusUbuntu Local Security Checks
high
123677Ubuntu 18.04 LTS : linux-hwe, linux-azure vulnerabilities (USN-3930-2)NessusUbuntu Local Security Checks
high
123676Ubuntu 18.10 : linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2 (USN-3930-1)NessusUbuntu Local Security Checks
high
123635SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0828-1)NessusSuSE Local Security Checks
high
123496SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)NessusSuSE Local Security Checks
high
123445SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)NessusSuSE Local Security Checks
high
123420Debian DLA-1731-2 : linux regression update (Spectre)NessusDebian Local Security Checks
medium
123413SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)NessusSuSE Local Security Checks
high
122891SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13979-1)NessusSuSE Local Security Checks
high
122699EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1076)NessusHuawei Local Security Checks
high
122671Amazon Linux 2 : kernel (ALAS-2019-1165)NessusAmazon Linux Local Security Checks
high
122609SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0541-1)NessusSuSE Local Security Checks
high
122602Amazon Linux AMI : kernel (ALAS-2019-1165)NessusAmazon Linux Local Security Checks
high
122578openSUSE Security Update : the Linux Kernel (openSUSE-2019-274)NessusSuSE Local Security Checks
high
122303openSUSE Security Update : the Linux Kernel (openSUSE-2019-203)NessusSuSE Local Security Checks
high
122278Fedora 28 : kernel / kernel-headers / kernel-tools (2019-3da64f3e61)NessusFedora Local Security Checks
high
122275Fedora 29 : kernel / kernel-headers / kernel-tools (2019-164946aa7f)NessusFedora Local Security Checks
high