A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Information
Published : 2019-04-24 09:29
Updated : 2023-02-12 15:38
NVD link : CVE-2019-3882
Mitre link : CVE-2019-3882
JSON object : View
CWE
CWE-770
Allocation of Resources Without Limits or Throttling
Products Affected
netapp
- vasa_provider_for_clustered_data_ontap
- storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere
- cn1610
- solidfire
- hci_management_node
- active_iq_unified_manager_for_vmware_vsphere
- virtual_storage_console_for_vmware_vsphere
- cn1610_firmware
- snapprotect
fedoraproject
- fedora
canonical
- ubuntu_linux
linux
- linux_kernel
opensuse
- leap
debian
- debian_linux