CVE-2019-14821 Vulnerability Details

  /     /     /  

CVE-2019-14821 Metadata Quick Info

CVE Published: 19/09/2019 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: redhat | Vendor: Linux | Product: Kernel
Status : PUBLISHED

---

CVE-2019-14821 Description

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel\'s KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer \'struct kvm_coalesced_mmio\' object, wherein write indices \'ring->first\' and \'ring->last\' value could be supplied by a host user-space process. An unprivileged host user or process with access to \'/dev/kvm\' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-787
CWE Name: CWE-787
Source: Linux

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).