CVE-2019-18844Reachable Assertion in Acrn

CWE-617Reachable Assertion3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linux Acrn
Timeline
PublishedNov 13
Latest updateMay 24

Description

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDlinux/acrn< 2019w25.5-140000p

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-3rh5-9p47-7947: The Device Model in ACRN before 2019w252022-05-24
CVEList
CVE-2019-18844: The Device Model in ACRN before 2019w252019-11-13
CVE-2019-18844 — Reachable Assertion in Linux Acrn | cvebase