CVE-2019-3882
published 2019-04-24CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio…
medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.19.37-1 (bookworm) | linux 4.19.37-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.19.37-1 | 4.19.37-1 |
| linux | linux_kernel | >= 0 < 4.4.0-148.174 | 4.4.0-148.174 |
| linux | linux_kernel | >= 0 < 4.15.0-50.54 | 4.15.0-50.54 |
| netapp | active_iq_unified_manager_for_vmware_vsphere | >= 9.5 | — |
| netapp | storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere | >= 7.2 | — |
| netapp | vasa_provider_for_clustered_data_ontap | >= 7.2 | — |
| netapp | virtual_storage_console_for_vmware_vsphere | >= 7.2 | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv5.6MEDIUM