5.5
CVE-2019-3882
- EPSS 0.54%
- Veröffentlicht 24.04.2019 16:29:02
- Zuletzt bearbeitet 21.11.2024 04:42:47
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version3.10
Linux ≫ Linux Kernel Version4.14
Linux ≫ Linux Kernel Version4.18
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
Canonical ≫ Ubuntu Linux Version19.04
Netapp ≫ Active Iq Unified Manager For Vmware Vsphere Version >= 9.5
Netapp ≫ Hci Management Node Version-
Netapp ≫ Snapprotect Version-
Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 7.2
Netapp ≫ Virtual Storage Console For Vmware Vsphere Version >= 7.2
Netapp ≫ Cn1610 Firmware Version-
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.41 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
| secalert@redhat.com | 4.7 | 1 | 3.6 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
https://seclists.org/bugtraq/2019/Aug/18
https://access.redhat.com/errata/RHSA-2019:3517
https://www.debian.org/security/2019/dsa-4497
https://access.redhat.com/errata/RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2043
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
https://access.redhat.com/errata/RHSA-2019:3309
https://usn.ubuntu.com/3980-1/
https://usn.ubuntu.com/3980-2/
https://usn.ubuntu.com/3981-1/
https://usn.ubuntu.com/3981-2/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
https://usn.ubuntu.com/3979-1/
https://usn.ubuntu.com/3982-1/
https://usn.ubuntu.com/3982-2/
https://security.netapp.com/advisory/ntap-20190517-0005/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882