CVE-2019-14835
high-risk
Published 2019-09-17
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (20)
References (80)
Third Party Advisory
http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LS...
Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar...
Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en
Third Party Advisory
https://access.redhat.com/errata/RHBA-2019:2824
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2827
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2828
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2829
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2830
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2854
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2862
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2863
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2864
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2865
and 60 more references
51
/ 100
high-risk
Severity
24/34 · High
Exploitability
0/34 · Minimal
Exposure
27/34 · High