CVE-2019-0695 — Improper Input Validation in Microsoft Windows

CWE-20 — Improper Input Validation7 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 37.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows 10 +12 more

Timeline

PublishedApr 9

Latest updateMay 14

Description

A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0701.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages14 packages

▶msrcmsrc/windows_server_2019

▶CVEListV5microsoft/windows_server2019, 2019 (Core installation), version 1803 (Core Installation)+2

▶CVEListV5microsoft/windows10 Version 1803 for x64-based Systems, 10 Version 1809 for x64-based Systems+1

▶NVDmicrosoft/windowsr2, 1709, 1803+2

▶NVDmicrosoft/windows_105 versions+4

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f7f3-v225-hmxj: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op↗2022-05-14

▶

GHSA

GHSA-w9x3-fjwf-qgxf: A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest op↗2022-05-14

▶

GHSA

GHSA-x44w-p4rq-c889: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use↗2022-05-14

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Information Disclosure Vulnerability↗2019-03-12

▶