CVE-2019-14835
Published: September 17, 2019Last modified: December 15, 2023
Description
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.8 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Not affected (6.1.50-r0) |
| Stream | linux-lts | Not affected (6.1.50-r0) |
References
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
- http://www.openwall.com/lists/oss-security/2019/09/24/1
- http://www.openwall.com/lists/oss-security/2019/10/03/1
- http://www.openwall.com/lists/oss-security/2019/10/09/3
- http://www.openwall.com/lists/oss-security/2019/10/09/7
- https://access.redhat.com/errata/RHBA-2019:2824
- https://access.redhat.com/errata/RHSA-2019:2827
- https://access.redhat.com/errata/RHSA-2019:2828
- https://access.redhat.com/errata/RHSA-2019:2829
- https://access.redhat.com/errata/RHSA-2019:2830
- https://access.redhat.com/errata/RHSA-2019:2854
- https://access.redhat.com/errata/RHSA-2019:2862
- https://access.redhat.com/errata/RHSA-2019:2863
- https://access.redhat.com/errata/RHSA-2019:2864
- https://access.redhat.com/errata/RHSA-2019:2865
- https://access.redhat.com/errata/RHSA-2019:2866
- https://access.redhat.com/errata/RHSA-2019:2867
- https://access.redhat.com/errata/RHSA-2019:2869
- https://access.redhat.com/errata/RHSA-2019:2889
- https://access.redhat.com/errata/RHSA-2019:2899
- https://access.redhat.com/errata/RHSA-2019:2900
- https://access.redhat.com/errata/RHSA-2019:2901
- https://access.redhat.com/errata/RHSA-2019:2924
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- https://seclists.org/bugtraq/2019/Nov/11
- https://seclists.org/bugtraq/2019/Sep/41
- https://security.netapp.com/advisory/ntap-20191031-0005/
- https://usn.ubuntu.com/4135-1/
- https://usn.ubuntu.com/4135-2/
- https://www.debian.org/security/2019/dsa-4531
- https://www.openwall.com/lists/oss-security/2019/09/17/1