CVE-2019-14821
high-risk
Published 2019-09-19
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Do I need to act?
-
0.11% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
References (58)
Third Party Advisory
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar...
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3978
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3979
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4154
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4256
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0027
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
Mailing List
https://seclists.org/bugtraq/2019/Nov/11
Issue Tracking
https://seclists.org/bugtraq/2019/Sep/41
and 38 more references
52
/ 100
high-risk
Severity
27/34 · High
Exploitability
0/34 · Minimal
Exposure
25/34 · High