CVE-2019-14835
17.09.2019, 16:15
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.34 ≤ 𝑥 < 3.16.74 |
| linux | linux_kernel | 4.4 ≤ 𝑥 < 4.4.193 |
| linux | linux_kernel | 4.9 ≤ 𝑥 < 4.9.193 |
| linux | linux_kernel | 4.14 ≤ 𝑥 < 4.14.144 |
| linux | linux_kernel | 4.19 ≤ 𝑥 < 4.19.73 |
| linux | linux_kernel | 5.2 ≤ 𝑥 < 5.2.15 |
| linux | linux_kernel | 5.3 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| opensuse | leap | 15.0 |
| opensuse | leap | 15.1 |
| netapp | aff_a700s_firmware | - |
| netapp | h410c_firmware | - |
| netapp | h610s_firmware | - |
| netapp | h300s_firmware | - |
| netapp | h500s_firmware | - |
| netapp | h700s_firmware | - |
| netapp | h300e_firmware | - |
| netapp | h500e_firmware | - |
| netapp | h700e_firmware | - |
| netapp | h410s_firmware | - |
| netapp | data_availability_services | - |
| netapp | hci_management_node | - |
| netapp | service_processor | - |
| netapp | solidfire | - |
| netapp | steelstore_cloud_integrated_storage | - |
| redhat | openshift_container_platform | 3.11 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_eus | 7.5 |
| redhat | enterprise_linux_eus | 7.6 |
| redhat | enterprise_linux_eus | 7.7 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server | 7.6 |
| redhat | enterprise_linux_server_aus | 6.5 |
| redhat | enterprise_linux_server_aus | 6.6 |
| redhat | enterprise_linux_server_aus | 7.2 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_aus | 7.6 |
| redhat | enterprise_linux_server_aus | 7.7 |
| redhat | enterprise_linux_server_tus | 7.2 |
| redhat | enterprise_linux_server_tus | 7.3 |
| redhat | enterprise_linux_server_tus | 7.4 |
| redhat | enterprise_linux_server_tus | 7.6 |
| redhat | enterprise_linux_server_tus | 7.7 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | virtualization | 4.0 |
| redhat | virtualization_host | 4.0 |
| huawei | manageone | 6.5.0 |
| huawei | manageone | 6.5.0.spc100.b210:spc100.b210 |
| huawei | manageone | 6.5.1rc1.b060:rc1.b060 |
| huawei | manageone | 6.5.1rc1.b080:rc1.b080 |
| huawei | manageone | 6.5.rc2.b050:rc2.b050 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||
| linux-aws |
| ||||||||||
| linux-aws-5.0 |
| ||||||||||
| linux-aws-hwe |
| ||||||||||
| linux-azure |
| ||||||||||
| linux-azure-5.3 |
| ||||||||||
| linux-azure-edge |
| ||||||||||
| linux-gcp |
| ||||||||||
| linux-gcp-5.3 |
| ||||||||||
| linux-gcp-edge |
| ||||||||||
| linux-gke-4.15 |
| ||||||||||
| linux-gke-5.0 |
| ||||||||||
| linux-hwe |
| ||||||||||
| linux-hwe-edge |
| ||||||||||
| linux-kvm |
| ||||||||||
| linux-lts-trusty |
| ||||||||||
| linux-lts-xenial |
| ||||||||||
| linux-oem |
| ||||||||||
| linux-oem-5.4 |
| ||||||||||
| linux-oem-osp1 |
| ||||||||||
| linux-oracle |
| ||||||||||
| linux-oracle-5.0 |
| ||||||||||
| linux-raspi2 |
| ||||||||||
| linux-raspi2-5.3 |
| ||||||||||
| linux-snapdragon |
|
References