CVE-2019-14821

CVSS v3.1 8.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.08 % (36^th)

Affected Products 38

Advisories 50

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2019-09-19 18:15:10
(5 years ago)
Updated Date: 2024-02-16 18:44:10
(7 months ago)

Affected Products

Netapp

Opensuse

Leap

Oracle

Sd-wan Edge

Redhat

Configuration #1

	CPE23	From	Up To
Linux Kernel from 2.6.27 version and 3.15.10 and prior versions	cpe:2.3:o:linux:linux_kernel	>= 2.6.27	<= 3.15.10
Linux Kernel from 3.16 version and prior 3.16.74 version	cpe:2.3:o:linux:linux_kernel	>= 3.16	< 3.16.74
Linux Kernel from 4.4 version and prior 4.4.194 version	cpe:2.3:o:linux:linux_kernel	>= 4.4	< 4.4.194
Linux Kernel from 4.9 version and prior 4.9.194 version	cpe:2.3:o:linux:linux_kernel	>= 4.9	< 4.9.194
Linux Kernel from 4.14 version and prior 4.14.146 version	cpe:2.3:o:linux:linux_kernel	>= 4.14	< 4.14.146
Linux Kernel from 4.19 version and prior 4.19.75 version	cpe:2.3:o:linux:linux_kernel	>= 4.19	< 4.19.75
Linux Kernel from 5.2 version and prior 5.2.17 version	cpe:2.3:o:linux:linux_kernel	>= 5.2	< 5.2.17
Linux Kernel from 5.3 version and prior 5.3.1 version	cpe:2.3:o:linux:linux_kernel	>= 5.3	< 5.3.1
Linux Kernel 5.4 Rc1	cpe:2.3:o:linux:linux_kernel:5.4:rc1

Configuration #2

		CPE23	From	Up To
	Redhat Virtualization Host 4.0	cpe:2.3:a:redhat:virtualization_host:4.0
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0
	Redhat Enterprise Linux Desktop 6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
	Redhat Enterprise Linux Desktop 7.0	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
	Redhat Enterprise Linux Eus 7.7	cpe:2.3:o:redhat:enterprise_linux_eus:7.7
	Redhat Enterprise Linux for Real Time 7	cpe:2.3:o:redhat:enterprise_linux_for_real_time:7
	Redhat Enterprise Linux for Real Time 8	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8
	Redhat Enterprise Linux Server 6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0
	Redhat Enterprise Linux Server 7.0	cpe:2.3:o:redhat:enterprise_linux_server:7.0
	Redhat Enterprise Linux Server Aus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
	Redhat Enterprise Linux Server Tus 7.7	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
	Redhat Enterprise Linux Workstation 6.0	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
	Redhat Enterprise Linux Workstation 7.0	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #4

		CPE23	From	Up To
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Configuration #5

		CPE23	From	Up To
	Fedoraproject Fedora 29	cpe:2.3:o:fedoraproject:fedora:29
	Fedoraproject Fedora 30	cpe:2.3:o:fedoraproject:fedora:30

Configuration #6

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #7

AND

		CPE23
OR
	Netapp Aff A700s	cpe:2.3:h:netapp:aff_a700s:-
OR
	Running on/with
	Netapp Aff A700s Firmware	cpe:2.3:o:netapp:aff_a700s_firmware:-

Configuration #8

AND

		CPE23
OR
	Netapp H300s	cpe:2.3:h:netapp:h300s:-
OR
	Running on/with
	Netapp H300s Firmware	cpe:2.3:o:netapp:h300s_firmware:-

Configuration #9

AND

		CPE23
OR
	Netapp H500s	cpe:2.3:h:netapp:h500s:-
OR
	Running on/with
	Netapp H500s Firmware	cpe:2.3:o:netapp:h500s_firmware:-

Configuration #10

AND

		CPE23
OR
	Netapp H700s	cpe:2.3:h:netapp:h700s:-
OR
	Running on/with
	Netapp H700s Firmware	cpe:2.3:o:netapp:h700s_firmware:-

Configuration #11

AND

		CPE23
OR
	Netapp H300e	cpe:2.3:h:netapp:h300e:-
OR
	Running on/with
	Netapp H300e Firmware	cpe:2.3:o:netapp:h300e_firmware:-

Configuration #12

AND

		CPE23
OR
	Netapp H500e	cpe:2.3:h:netapp:h500e:-
OR
	Running on/with
	Netapp H500e Firmware	cpe:2.3:o:netapp:h500e_firmware:-

Configuration #13

AND

		CPE23
OR
	Netapp H700e Firmware	cpe:2.3:o:netapp:h700e_firmware:-
OR
	Running on/with
	Netapp H700e	cpe:2.3:h:netapp:h700e:-

Configuration #14

AND

		CPE23
OR
	Netapp H410s Firmware	cpe:2.3:o:netapp:h410s_firmware:-
OR
	Running on/with
	Netapp H410s	cpe:2.3:h:netapp:h410s:-

Configuration #15

AND

		CPE23
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #16

AND

		CPE23
OR
	Netapp H610s Firmware	cpe:2.3:o:netapp:h610s_firmware:-
OR
	Running on/with
	Netapp H610s	cpe:2.3:h:netapp:h610s:-

Configuration #17

		CPE23	From	Up To
	Netapp Data Availability Services	cpe:2.3:a:netapp:data_availability_services:-
	Netapp Hci Management Node	cpe:2.3:a:netapp:hci_management_node:-
	Netapp Solidfire	cpe:2.3:a:netapp:solidfire:-

Configuration #18

		CPE23	From	Up To
	Oracle Sd-wan Edge 7.3	cpe:2.3:a:oracle:sd-wan_edge:7.3
	Oracle Sd-wan Edge 8.0	cpe:2.3:a:oracle:sd-wan_edge:8.0
	Oracle Sd-wan Edge 8.1	cpe:2.3:a:oracle:sd-wan_edge:8.1
	Oracle Sd-wan Edge 8.2	cpe:2.3:a:oracle:sd-wan_edge:8.2