Vulnerability CVE-2019-19332: Information
Description
An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.
Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.openwall.com/lists/oss-security/2019/12/16/1 |
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 |
|
http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html |
|
[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update |
|
USN-4254-1 | |
USN-4254-2 | |
https://security.netapp.com/advisory/ntap-20200204-0002/ | |
USN-4258-1 | |
USN-4287-1 | |
USN-4287-2 | |
[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update | |
USN-4284-1 | |
openSUSE-SU-2020:0336 | |
https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/ |