CVE-2019-19332
published 2020-01-09CVE-2019-19332: An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the…
medium6.1CVSS 3.1
AVLACLPRLUINSUCNILAH
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.4.6-1 (bookworm) | linux 5.4.6-1 (bookworm) |
| linux | kernel | — | — |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-173.203 | 4.4.0-173.203 |
| linux | linux_kernel | >= 0 < 4.15.0-88.88 | 4.15.0-88.88 |
| linux | linux_kernel | 3.13 – 5.4 | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
osv7.5HIGH