Vulnerability CVE-2019-19332: Information

Description

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-19332
Published: Jan. 9, 2020
Modified: Feb. 13, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kernel-image-mpsisyphus5.4.4-alt16.8.8-alt1ALT-PU-2019-3343-1243294Fixed
kernel-image-mpp105.4.4-alt16.1.19-alt1ALT-PU-2019-3343-1243294Fixed
kernel-image-mpp95.5.16-alt15.12.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-mpc9f25.5.16-alt15.7.16-alt1ALT-PU-2020-1714-1249865Fixed
kernel-image-rpi-defsisyphus5.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp105.4.51-alt15.15.92-alt2ALT-PU-2020-2410-1254998Fixed
kernel-image-rpi-defp95.4.51-alt25.10.81-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rpi-defc9f25.4.51-alt25.4.61-alt1ALT-PU-2020-2433-1255241Fixed
kernel-image-rpi-unsisyphus5.5.5-alt0.26.6.23-alt1ALT-PU-2020-1421-1247100Fixed
kernel-image-rpi-unp105.5.5-alt0.26.1.77-alt1ALT-PU-2020-1421-1247100Fixed
kernel-image-rpi-unp95.5.5-alt0.35.12.17-alt1ALT-PU-2020-1450-1247310Fixed
kernel-image-rpi-unc9f25.5.5-alt0.35.7.8-alt3ALT-PU-2020-1450-1247310Fixed
kernel-image-rtsisyphus5.10.35-alt1.rt396.1.90-alt2.rt30ALT-PU-2021-1870-1272532Fixed
kernel-image-rtp105.10.35-alt1.rt395.10.216-alt1.rt108ALT-PU-2021-1870-1272532Fixed
kernel-image-std-debugsisyphus4.19.95-alt16.1.91-alt1ALT-PU-2020-1025-1244120Fixed
kernel-image-std-debugc9f24.19.97-alt14.19.102-alt1ALT-PU-2020-1070-1244478Fixed
kernel-image-std-defsisyphus4.19.89-alt16.1.91-alt1ALT-PU-2019-3292-1243014Fixed
kernel-image-std-defp104.19.89-alt15.10.216-alt1ALT-PU-2019-3292-1243014Fixed
kernel-image-std-defp94.19.89-alt15.4.275-alt1ALT-PU-2019-3326-1243015Fixed
kernel-image-std-defp84.9.207-alt0.M80P.14.9.337-alt0.M80P.1ALT-PU-2019-3389-1243389Fixed
kernel-image-std-defc9f24.19.89-alt15.10.214-alt0.c9f.2ALT-PU-2019-3326-1243015Fixed
kernel-image-std-defc74.4.207-alt0.M70C.14.4.277-alt0.M70C.1ALT-PU-2019-3381-1243391Fixed
kernel-image-un-defsisyphus5.4.0-alt16.6.31-alt1ALT-PU-2019-3291-1242001Fixed
kernel-image-un-defp105.4.0-alt16.1.85-alt1ALT-PU-2019-3291-1242001Fixed
kernel-image-un-defp95.4.3-alt15.10.216-alt2ALT-PU-2019-3369-1243020Fixed
kernel-image-un-defp84.19.89-alt0.M80P.14.19.310-alt0.M80P.1ALT-PU-2019-3303-1243021Fixed
kernel-image-un-defc10f15.4.0-alt16.1.85-alt0.c10f.1ALT-PU-2019-3291-1242001Fixed
kernel-image-un-defc9f25.4.3-alt15.10.29-alt2ALT-PU-2019-3369-1243020Fixed
kernel-image-un-defc74.9.277-alt0.M70C.14.9.277-alt0.M70C.1ALT-PU-2021-3032-1281292Fixed
linux-toolssisyphus_e2k5.10-alt1.E2K.15.10-alt1.E2K.3ALT-PU-2023-7771-1-Fixed
linux-toolsp10_e2k5.10-alt1.E2K.15.10-alt1.E2K.1ALT-PU-2023-8360-1-Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.openwall.com/lists/oss-security/2019/12/16/1
  • Exploit
  • Mailing List
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
  • Patch
  • Third Party Advisory
  • VDB Entry
[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update
  • Mailing List
  • Third Party Advisory
USN-4254-1
    USN-4254-2
      https://security.netapp.com/advisory/ntap-20200204-0002/
        USN-4258-1
          USN-4287-1
            USN-4287-2
              [debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update
                USN-4284-1
                  openSUSE-SU-2020:0336
                    https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/

                        1. Configuration 1

                          cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
                          Start including
                          3.13
                          End including
                          5.4

                          Configuration 2

                          cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
                          cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                      Version: v24.5.1
                      Back to top