cbcvebase.
CVE-2019-14821
published 2019-09-19

CVE-2019-14821: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO…

high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Affected

45 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianlinux< linux 5.2.17-1 (bookworm)linux 5.2.17-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
linuxkernel
linuxlinux_kernel
linuxlinux_kernel>= 0 < 5.2.17-15.2.17-1
linuxlinux_kernel>= 0 < 5.2.17-15.2.17-1
linuxlinux_kernel>= 0 < 5.2.17-15.2.17-1
linuxlinux_kernel>= 0 < 5.2.17-15.2.17-1
linuxlinux_kernel>= 0 < 4.4.0-166.1954.4.0-166.195
linuxlinux_kernel>= 0 < 4.15.0-66.754.15.0-66.75
linuxlinux_kernel2.6.27 – 3.15.10
linuxlinux_kernel>= 3.16 < 3.16.743.16.74
linuxlinux_kernel>= 4.14 < 4.14.1464.14.146
linuxlinux_kernel>= 4.19 < 4.19.754.19.75
linuxlinux_kernel>= 4.4 < 4.4.1944.4.194
linuxlinux_kernel>= 4.9 < 4.9.1944.9.194
linuxlinux_kernel>= 5.2 < 5.2.175.2.17

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
osv8.8HIGH