CVE-2019-7222 — MEDIUM (5.5)

Q: What is CVE-2019-7222?

CVE-2019-7222 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Q: How severe is CVE-2019-7222?

CVE-2019-7222 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-7222?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Leap, Debian Debian Linux, Canonical Ubuntu Linux.

Vulnerability Description

The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.20.5
Fedoraproject	Fedora	28
Opensuse	Leap	15.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Netapp	Active Iq Performance Analytics Services	-
Netapp	Element Software Management Node	-
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux For Real Time	7
Redhat	Enterprise Linux For Real Time For Nfv	7
Redhat	Enterprise Linux For Real Time For Nfv Tus	8.2
Redhat	Enterprise Linux For Real Time Tus	8.2
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2
Redhat	Enterprise Linux Workstation	7.0

References

http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.htmlBroken LinkMailing ListThird Party Advisory
http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-UninitialiThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/02/18/2Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/106963Broken LinkThird Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2019:2029Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2043Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1759ExploitPatchThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35PatchVendor Advisory
https://github.com/torvalds/linux/commits/master/arch/x86/kvmThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2019-7222?

CVE-2019-7222 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

How severe is CVE-2019-7222?

CVE-2019-7222 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-7222?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Leap, Debian Debian Linux, Canonical Ubuntu Linux.