CVE-2019-3887

EPSS 0.04%
Veröffentlicht 09.04.2019 16:29:01
Zuletzt bearbeitet 21.11.2024 04:42:48
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 11

NVD 19 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.16

Fedoraproject ≫ Fedora Version29

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Eus Version8.1

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux For Real Time Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Version8

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.4

Redhat ≫ Enterprise Linux For Real Time Tus Version8.2

Redhat ≫ Enterprise Linux For Real Time Tus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.6	1.1	4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4.7	3.4	6.9	AV:L/AC:M/Au:N/C:N/I:N/A:C
secalert@redhat.com	6.7	0.8	5.3	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/errata/RHSA-2019:2703

Third Party Advisory

https://usn.ubuntu.com/3980-1/

Third Party Advisory

https://usn.ubuntu.com/3980-2/

Third Party Advisory

https://usn.ubuntu.com/3979-1/

Third Party Advisory

http://www.securityfocus.com/bid/107850

Third Party Advisory

VDB Entry

https://access.redhat.com/errata/RHSA-2019:2741