CVE-2019-14835 — HIGH (7.8)

Q: How severe is CVE-2019-14835?

CVE-2019-14835 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14835?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap.

Vulnerability Description

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.34, < 3.16.74
Canonical	Ubuntu Linux	12.04
Debian	Debian Linux	8.0
Fedoraproject	Fedora	29
Opensuse	Leap	15.0
Netapp	Aff A700S Firmware	-
Netapp	Aff A700S	All versions
Netapp	H410C Firmware	-
Netapp	H410C	All versions
Netapp	H610S Firmware	-
Netapp	H610S	All versions
Netapp	H300S Firmware	-
Netapp	H300S	All versions
Netapp	H500S Firmware	-
Netapp	H500S	All versions
Netapp	H700S Firmware	-
Netapp	H700S	All versions
Netapp	H300E Firmware	-
Netapp	H300E	All versions
Netapp	H500E Firmware	-

Related Weaknesses (CWE)

CWE-120

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-SlackwarThird Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-enThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/24/1Mailing List
http://www.openwall.com/lists/oss-security/2019/10/03/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/09/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/09/7Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2827Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2828Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2829Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2830Third Party Advisory

FAQ

What is CVE-2019-14835?

CVE-2019-14835 is a vulnerability with a CVSS score of 7.8 (HIGH). A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migrat...

How severe is CVE-2019-14835?

CVE-2019-14835 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14835?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap.