{"containers": {"cna": {"affected": [{"product": "Linux kernel", "vendor": "Linux Kernel", "versions": [{"status": "affected", "version": "from version 2.6.34 to 5.2.x"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-15T12:06:07", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"}, {"name": "USN-4135-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4135-2/"}, {"name": "FEDORA-2019-e3010166bd", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"}, {"name": "RHSA-2019:2827", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2827"}, {"name": "RHSA-2019:2828", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2828"}, {"name": "RHSA-2019:2830", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2830"}, {"name": "RHSA-2019:2829", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2829"}, {"name": "RHSA-2019:2854", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2854"}, {"name": "RHSA-2019:2862", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2862"}, {"name": "RHSA-2019:2863", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2863"}, {"name": "RHSA-2019:2866", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2866"}, {"name": "RHSA-2019:2864", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2864"}, {"name": "RHSA-2019:2865", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2865"}, {"name": "RHSA-2019:2867", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2867"}, {"name": "RHSA-2019:2869", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2869"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"}, {"name": "[oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"}, {"name": "openSUSE-SU-2019:2173", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"}, {"name": "RHSA-2019:2889", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2889"}, {"name": "openSUSE-SU-2019:2181", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"}, {"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"}, {"name": "20190925 [SECURITY] [DSA 4531-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/41"}, {"name": "DSA-4531", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4531"}, {"name": "RHSA-2019:2900", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2900"}, {"name": "RHSA-2019:2901", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2901"}, {"name": "RHSA-2019:2899", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2899"}, {"name": "RHSA-2019:2924", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2924"}, {"name": "USN-4135-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4135-1/"}, {"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"}, {"name": "FEDORA-2019-a570a92d5a", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"}, {"name": "[oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"}, {"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"}, {"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"}, {"name": "RHBA-2019:2824", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:2824"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/11"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:26:39.157Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"}, {"name": "USN-4135-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4135-2/"}, {"name": "FEDORA-2019-e3010166bd", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"}, {"name": "RHSA-2019:2827", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2827"}, {"name": "RHSA-2019:2828", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2828"}, {"name": "RHSA-2019:2830", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2830"}, {"name": "RHSA-2019:2829", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2829"}, {"name": "RHSA-2019:2854", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2854"}, {"name": "RHSA-2019:2862", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2862"}, {"name": "RHSA-2019:2863", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2863"}, {"name": "RHSA-2019:2866", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2866"}, {"name": "RHSA-2019:2864", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2864"}, {"name": "RHSA-2019:2865", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2865"}, {"name": "RHSA-2019:2867", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2867"}, {"name": "RHSA-2019:2869", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2869"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"}, {"name": "[oss-security] 20190924 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"}, {"name": "openSUSE-SU-2019:2173", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"}, {"name": "RHSA-2019:2889", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2889"}, {"name": "openSUSE-SU-2019:2181", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"}, {"name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1930-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"}, {"name": "20190925 [SECURITY] [DSA 4531-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/41"}, {"name": "DSA-4531", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4531"}, {"name": "RHSA-2019:2900", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2900"}, {"name": "RHSA-2019:2901", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2901"}, {"name": "RHSA-2019:2899", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2899"}, {"name": "RHSA-2019:2924", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2924"}, {"name": "USN-4135-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4135-1/"}, {"name": "[debian-lts-announce] 20191001 [SECURITY] [DLA 1940-1] linux-4.9 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"}, {"name": "FEDORA-2019-a570a92d5a", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"}, {"name": "[oss-security] 20191003 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"}, {"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"}, {"name": "[oss-security] 20191009 Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"}, {"name": "RHBA-2019:2824", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:2824"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"name": "20191108 [slackware-security] Slackware 14.2 kernel (SSA:2019-311-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-14835", "datePublished": "2019-09-17T15:09:37", "dateReserved": "2019-08-10T00:00:00", "dateUpdated": "2024-08-05T00:26:39.157Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "86915AE6-B1BF-4707-934A-4D9C4C8D055A", "versionEndExcluding": "3.16.74", "versionStartIncluding": "2.6.34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C7DCE8F-B46F-4805-8149-EC96FA1AE7C0", "versionEndExcluding": "4.4.193", "versionStartIncluding": "4.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1E6AA2E-1B41-4254-BF88-FFBBD289D6F5", "versionEndExcluding": "4.9.193", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B03599FC-6BB3-49F9-9FD8-1EB0A1194233", "versionEndExcluding": "4.14.144", "versionStartIncluding": "4.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C302EBC-2256-44A4-8BD3-5BCB2FA5F6F6", "versionEndExcluding": "4.19.73", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FA36BC1-A7F2-44F3-930A-EAF173B9E604", "versionEndExcluding": "5.2.15", "versionStartIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "CF8AA5A5-E882-4063-B2BB-C2268685060E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:aff_a700s:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F92D596-810D-414E-8AF9-1EC271648D16", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:aff_a700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "952F55C9-7E7C-4539-9D08-E736B3488569", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D96CBB4-2B07-4E8C-AFBD-32A5470ED1F6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h610s:*:*:*:*:*:*:*:*", "matchCriteriaId": "80A6BDDA-17BE-4EE5-BEFC-F24235A3C9F3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7CFE0E-9D1E-4495-B302-89C3096FC0DF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4F5761B-B747-4110-9849-B6D4C14B24A6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:*:*:*:*:*:*:*:*", "matchCriteriaId": "09B76C01-3DA1-461D-98F2-4858AF542D84", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D3E5A63-DA59-4582-9D38-26E9225B0BA0", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300e:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EEA523F-E92B-459F-9811-1E71EA9FF362", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500e:*:*:*:*:*:*:*:*", "matchCriteriaId": "4738C27A-A24C-44E0-96DF-81812473ECC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700e:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5EBA781-49D3-4CBB-914E-8A56D61FC322", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:*:*:*:*:*:*:*:*", "matchCriteriaId": "D033CBC9-59FE-48D6-9D30-C4895FB957B8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*", "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*", "matchCriteriaId": "C2B15608-BABC-4663-A58F-B74BD2D1A734", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", "matchCriteriaId": "CBF9BCF3-187F-410A-96CA-9C47D3ED6924", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:imanager_neteco:v600r009c00:*:*:*:*:*:*:*", "matchCriteriaId": "E5B6EEA9-4E22-49F8-97E3-10E56EA8CBE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:imanager_neteco:v600r009c10spc200:*:*:*:*:*:*:*", "matchCriteriaId": "AD2E60B0-BE2D-4ABF-9F1A-07FA98F5743E", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c10spc300:*:*:*:*:*:*:*", "matchCriteriaId": "75DEAA37-7889-4FE6-B606-BB354625231B", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:imanager_neteco_6000:v600r008c20:*:*:*:*:*:*:*", "matchCriteriaId": "AE14BF0B-0641-4CB2-A9B9-8AAE5AAAB6E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B85321E0-8B1B-452B-A1AE-D8BB85C18CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.0.spc100.b210:*:*:*:*:*:*:*", "matchCriteriaId": "A042DB25-3D29-4C0A-89C7-70E53AB5A78A", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b060:*:*:*:*:*:*:*", "matchCriteriaId": "B07551BB-2540-403E-83DC-E61BCFA15046", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1rc1.b080:*:*:*:*:*:*:*", "matchCriteriaId": "A42D0C34-C616-4AE5-853D-1353DC2C26A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.rc2.b050:*:*:*:*:*:*:*", "matchCriteriaId": "58E84BB6-76BA-4833-83C3-2DA35E8DB7C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de desbordamiento de b\u00fafer, en las versiones desde 2.6.34 hasta 5.2.x, en la manera en que la funcionalidad vhost del kernel de Linux que traduce los b\u00faferes virtueue en IOV, registraba los descriptores del b\u00fafer durante una migraci\u00f3n. Un usuario invitado privilegiado capaz de pasar descriptores con una longitud no v\u00e1lida hacia el host cuando la migraci\u00f3n est\u00e1 en marcha, podr\u00eda usar este fallo para aumentar sus privilegios sobre el host."}], "id": "CVE-2019-14835", "lastModified": "2023-12-15T15:29:09.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.6, "impactScore": 6.0, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-17T16:15:10.980", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2019/09/24/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/03/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/10/09/7"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:2824"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2827"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2828"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2829"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2830"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2854"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2862"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2863"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2864"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2865"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2866"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2867"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2869"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2889"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2899"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2900"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2901"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2924"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/11"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/41"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20191031-0005/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4135-1/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4135-2/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4531"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/09/17/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Peter Pi (Tencent Blade Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:2863", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.23.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2901", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.96.2.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2869", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "kernel-0:2.6.32-504.81.2.el6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2830", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1062.1.2.rt56.1025.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2829", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1062.1.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2854", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-21T00:00:00Z"}, {"advisory": "RHSA-2019:2862", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.13.1.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2899", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.82.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2899", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "kernel-0:3.10.0-327.82.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2899", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "kernel-0:3.10.0-327.82.1.el7", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2900", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.69.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2900", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.69.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2900", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.69.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-09-25T00:00:00Z"}, {"advisory": "RHSA-2019:2867", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2867", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "kernel-0:3.10.0-693.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2867", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "kernel-0:3.10.0-693.59.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2866", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "kernel-0:3.10.0-862.41.2.el7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2864", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "kernel-0:3.10.0-957.35.2.el7", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2865", "cpe": "cpe:/o:redhat:rhel_eus:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2828", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-80.11.2.rt9.157.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2827", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-80.11.2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-09-20T00:00:00Z"}, {"advisory": "RHSA-2019:2864", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "kernel-0:3.10.0-957.35.2.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-23T00:00:00Z"}, {"advisory": "RHSA-2019:2924", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.2-20190919.0.el7_6", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-09-27T00:00:00Z"}, {"advisory": "RHSA-2019:2889", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.5-20190920.0.el7_7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: vhost-net: guest to host kernel escape during migration", "id": "1750727", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1750727"}, "csaw": true, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.", "A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled hosts running Linux guests."], "mitigation": {"lang": "en:us", "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost"}, "name": "CVE-2019-14835", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-09-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-14835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14835\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\nhttps://www.openwall.com/lists/oss-security/2019/09/17/1"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost", "threat_severity": "Important"}