CVE-2019-3882

EPSS 0.08%
Published 24.04.2019 16:29:02
Last modified 21.11.2024 04:42:47
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 24

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version3.10

Linux ≫ Linux Kernel Version4.14

Linux ≫ Linux Kernel Version4.18

Fedoraproject ≫ Fedora

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version42.3

Netapp ≫ Active Iq Unified Manager For Vmware Vsphere Version >= 9.5

Netapp ≫ Hci Management Node Version-

Netapp ≫ Snapprotect Version-

Netapp ≫ Solidfire Version-

Netapp ≫ Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere Version >= 7.2

Netapp ≫ Vasa Provider For Clustered Data Ontap Version >= 7.2

Netapp ≫ Virtual Storage Console For Vmware Vsphere Version >= 7.2

Netapp ≫ Cn1610 Firmware Version-

Netapp ≫ Cn1610 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.243

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C
secalert@redhat.com	4.7	1	3.6	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Aug/18

Third Party Advisory

Mailing List

https://access.redhat.com/errata/RHSA-2019:3517

Third Party Advisory

https://www.debian.org/security/2019/dsa-4497

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:2029

Third Party Advisory