CVE-2019-14821
First published: Thu Aug 29 2019(Updated: )
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <0:2.6.32-754.25.1.el6 | 0:2.6.32-754.25.1.el6 |
| redhat/kernel-rt | <0:3.10.0-1062.7.1.rt56.1030.el7 | 0:3.10.0-1062.7.1.rt56.1030.el7 |
| redhat/kernel | <0:3.10.0-1062.7.1.el7 | 0:3.10.0-1062.7.1.el7 |
| redhat/kernel-alt | <0:4.14.0-115.16.1.el7a | 0:4.14.0-115.16.1.el7a |
| redhat/kernel | <0:3.10.0-957.56.1.el7 | 0:3.10.0-957.56.1.el7 |
| redhat/kernel-rt | <0:4.18.0-147.rt24.93.el8 | 0:4.18.0-147.rt24.93.el8 |
| redhat/kernel | <0:4.18.0-147.el8 | 0:4.18.0-147.el8 |
| redhat/kernel | <0:4.18.0-80.15.1.el8_0 | 0:4.18.0-80.15.1.el8_0 |
| Linux Linux kernel | >=2.6.27<=3.15.10 | |
| Linux Linux kernel | >=3.16<3.16.74 | |
| Linux Linux kernel | >=4.4<4.4.194 | |
| Linux Linux kernel | >=4.9<4.9.194 | |
| Linux Linux kernel | >=4.14<4.14.146 | |
| Linux Linux kernel | >=4.19<4.19.75 | |
| Linux Linux kernel | >=5.2<5.2.17 | |
| Linux Linux kernel | >=5.3<5.3.1 | |
| Linux Linux kernel | =5.4-rc1 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =7.7 | |
| Redhat Enterprise Linux For Real Time | =7 | |
| Redhat Enterprise Linux For Real Time | =8 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.7 | |
| Redhat Enterprise Linux Server Tus | =7.7 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| Fedoraproject Fedora | =29 | |
| Fedoraproject Fedora | =30 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| All of | ||
| Netapp Aff A700s Firmware | ||
| NetApp AFF A700s | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| All of | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| All of | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Netapp Data Availability Services | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Oracle SD-WAN Edge | =7.3 | |
| Oracle SD-WAN Edge | =8.0 | |
| Oracle SD-WAN Edge | =8.1 | |
| Oracle SD-WAN Edge | =8.2 | |
| Netapp Aff A700s Firmware | ||
| NetApp AFF A700s | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Remedy
Restrict access to the '/dev/kvm' device to trusted users.
Remedy
Ensure that untrusted users cannot write to the /dev/kvm device
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2019-14821 https://nvd.nist.gov/vuln/detail/CVE-2019-14821
- https://bugzilla.redhat.com/show_bug.cgi?id=1746708
- https://access.redhat.com/errata/RHSA-2019:4256
- https://access.redhat.com/errata/RHSA-2019:3978
- https://access.redhat.com/errata/RHSA-2019:3979
- https://access.redhat.com/errata/RHSA-2019:4154
- https://access.redhat.com/errata/RHSA-2020:0027
- https://access.redhat.com/errata/RHSA-2020:2851
- https://access.redhat.com/errata/RHSA-2019:3309
- https://access.redhat.com/errata/RHSA-2019:3517
- https://access.redhat.com/errata/RHSA-2020:0204
- https://access.redhat.com/security/cve/cve-2019-14821
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://seclists.org/bugtraq/2019/Sep/41
- https://seclists.org/bugtraq/2019/Nov/11
- https://www.debian.org/security/2019/dsa-4531
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRZQQQANZWQMPILZV7OTS3RGGRLLE2Q7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/
- https://usn.ubuntu.com/4157-1/
- https://usn.ubuntu.com/4157-2/
- https://usn.ubuntu.com/4162-1/
- https://usn.ubuntu.com/4162-2/
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html
- https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html
- http://www.openwall.com/lists/oss-security/2019/09/20/1
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14821
- https://security.netapp.com/advisory/ntap-20191004-0001/
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html
- https://launchpad.net/bugs/cve/CVE-2019-14821
- https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=b60fe990c6b07ef6d4df67bc0530c7c90a62623a
- https://www.openwall.com/lists/oss-security/2019/09/20/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1753596
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821
- https://nvd.nist.gov/vuln/detail/CVE-2019-14821
- https://security-tracker.debian.org/tracker/CVE-2019-14821
- https://ubuntu.com/security/CVE-2019-14821
- https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-14821
- agent/first-publish-date
- agent/weakness
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/2.6.27
- version/linux linux kernel/3.15.10
- version/linux linux kernel/3.16
- version/linux linux kernel/4.4
- version/linux linux kernel/4.9
- version/linux linux kernel/4.14
- version/linux linux kernel/4.19
- version/linux linux kernel/5.2
- version/linux linux kernel/5.3
- version/linux linux kernel/5.4-rc1
- vendor/redhat
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/7.7
- canonical/redhat enterprise linux for real time
- version/redhat enterprise linux for real time/7
- version/redhat enterprise linux for real time/8
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- version/fedoraproject fedora/30
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/netapp
- canonical/netapp aff a700s firmware
- canonical/netapp aff a700s
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp data availability services
- canonical/netapp hci management node
- canonical/netapp solidfire
- vendor/oracle
- canonical/oracle sd-wan edge
- version/oracle sd-wan edge/7.3
- version/oracle sd-wan edge/8.0
- version/oracle sd-wan edge/8.1
- version/oracle sd-wan edge/8.2
- package-manager/debian