CVE-2019-14835 Information

Description

A buffer overflow flaw was found in Linux kernel versions from 2.6.34 to 5.2.x, in the way the kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with an invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
http://www.openwall.com/lists/oss-security/2019/09/24/1
http://www.openwall.com/lists/oss-security/2019/10/03/1
http://www.openwall.com/lists/oss-security/2019/10/09/3
http://www.openwall.com/lists/oss-security/2019/10/09/7
https://access.redhat.com/errata/RHBA-2019:2824
https://access.redhat.com/errata/RHSA-2019:2827
https://access.redhat.com/errata/RHSA-2019:2828
https://access.redhat.com/errata/RHSA-2019:2829
https://access.redhat.com/errata/RHSA-2019:2830
https://access.redhat.com/errata/RHSA-2019:2854
https://access.redhat.com/errata/RHSA-2019:2862
https://access.redhat.com/errata/RHSA-2019:2863
https://access.redhat.com/errata/RHSA-2019:2864
https://access.redhat.com/errata/RHSA-2019:2865
https://access.redhat.com/errata/RHSA-2019:2866
https://access.redhat.com/errata/RHSA-2019:2867
https://access.redhat.com/errata/RHSA-2019:2869
https://access.redhat.com/errata/RHSA-2019:2889
https://access.redhat.com/errata/RHSA-2019:2899
https://access.redhat.com/errata/RHSA-2019:2900
https://access.redhat.com/errata/RHSA-2019:2901
https://access.redhat.com/errata/RHSA-2019:2924
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
https://seclists.org/bugtraq/2019/Nov/11
https://seclists.org/bugtraq/2019/Sep/41
https://security.netapp.com/advisory/ntap-20191031-0005/
https://usn.ubuntu.com/4135-1/
https://usn.ubuntu.com/4135-2/
https://www.debian.org/security/2019/dsa-4531
https://www.openwall.com/lists/oss-security/2019/09/17/1

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.8

Base Severity

HIGH
