CVE-2019-14821

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

CVSS v3.0 8.8 HIGH
CVSS v2.0 7.2 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821	Issue Tracking Mitigation Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/09/20/1	Mailing List Patch Third Party Advisory
https://www.debian.org/security/2019/dsa-4531	Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/41	Issue Tracking Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20191004-0001/	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4157-1/	Third Party Advisory
https://usn.ubuntu.com/4157-2/	Third Party Advisory
https://usn.ubuntu.com/4162-1/	Third Party Advisory
https://usn.ubuntu.com/4163-1/	Third Party Advisory
https://usn.ubuntu.com/4163-2/	Third Party Advisory
https://usn.ubuntu.com/4162-2/	Third Party Advisory
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:3517	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3309	Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/11	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:3978	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3979	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4154	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4256	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0027	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0204	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.4:rc1::::::

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:leap:15.0:::::::*
	cpe:2.3:o:opensuse:leap:15.1:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:29:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*

Configuration 6 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:aff_a700s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 17 (hide)

OR	cpe:2.3:a:netapp:data_availability_services:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:hci_management_node:-:::::::*

Configuration 18 (hide)

OR	cpe:2.3:a:oracle:sd-wan_edge:8.2:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:7.3:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:8.0:::::::*
	cpe:2.3:a:oracle:sd-wan_edge:8.1:::::::*

Information

Published : 2019-09-19 11:15

Updated : 2023-02-12 15:34

NVD link : CVE-2019-14821

Mitre link : CVE-2019-14821

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

netapp

h410c_firmware
h500s
h610s_firmware
h610s
aff_a700s
h410s_firmware
h300e_firmware
data_availability_services
h700e_firmware
aff_a700s_firmware
h700s
h410c
solidfire
h500s_firmware
h300s_firmware
h410s
h300e
h700e
h300s
hci_management_node
h500e
h500e_firmware
h700s_firmware

canonical

ubuntu_linux

linux

linux_kernel

redhat

virtualization_host
enterprise_linux
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_for_real_time
enterprise_linux_desktop
enterprise_linux_server_tus
enterprise_linux_server
enterprise_linux_eus

fedoraproject

fedora

debian

debian_linux

oracle

sd-wan_edge

opensuse

leap

8.8 /10