CVE-2019-3882
Severity
5.5MEDIUM
EPSS
0.0%
top 89.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedApr 24
Latest updateMay 24
Description
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 18.04, 18.10, 19.04
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-xmpq-jcv6-q64p: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit↗2022-05-24
OSV▶
CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit↗2019-04-24
CVEList▶
CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit↗2019-04-24