CVE-2019-7221

moderate-risk

Published 2019-03-21

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (19)

Linux Kernel

Leap

Fedora

Debian Linux

Ubuntu Linux

Active Iq Performance Analytics Services

Element Software Management Node

Openshift Container Platform

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Server Tus

Enterprise Linux Workstation

Affected Vendors

Debian Redhat Linux Canonical Fedoraproject Netapp Opensuse

References (48)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html

Third Party Advisory http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-F...

Mailing List http://www.openwall.com/lists/oss-security/2019/02/18/2

Third Party Advisory https://access.redhat.com/errata/RHBA-2019:0959

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0818

Third Party Advisory https://access.redhat.com/errata/RHSA-2019:0833

https://access.redhat.com/errata/RHSA-2019:3967

https://access.redhat.com/errata/RHSA-2019:4058

Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1760

Mailing List https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ec...

Third Party Advisory https://github.com/torvalds/linux/commits/master/arch/x86/kvm

Mailing List https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html

Mailing List https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html

Mailing List https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.netapp.com/advisory/ntap-20190404-0002/

https://support.f5.com/csp/article/K08413011

Third Party Advisory https://usn.ubuntu.com/3930-1/

Third Party Advisory https://usn.ubuntu.com/3930-2/

and 28 more references

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 19/34 · Moderate