CVE-2019-3882
CVSS v3.1
5.5 (Medium)
CVSS v2.0
4.9 (Medium)
EPSS
0.04 % (11th)
Affected Products
14
Advisories
51
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Weaknesses
- CWE-770
- Allocation of Resources Without Limits or Throttling
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2019-04-24 16:29:02
(5 years ago) - Updated Date
-
2023-02-12 23:38:23
(19 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Configuration #2
AND |
|
---|
Configuration #3
AND |
|
---|
Configuration #4
AND |
|
---|
Configuration #5
AND |
|
---|
Configuration #6
AND |
|
---|
Configuration #7
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...