CVE-2019-14835

Related Vulnerabilities: CVE-2019-14835  

Impact: Important
Public Date: 2019-09-17
CWE: CWE-120
Bugzilla: 1750727: CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration

A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with an invalid length to the host while migration is underway could use this flaw to escalate their privileges on the host.


Find out more about CVE-2019-14835 from the MITRE CVE dictionary and NIST NVD.

Statement

Red Hat Product Security is aware of this issue. Updates will be released as they become available.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.2
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity High
Privileges Required High
User Interaction Required
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Virtualization 4 redhat-virtualization-host Affected
Red Hat Enterprise Linux 8 kernel Affected
Red Hat Enterprise Linux 8 kernel-rt Affected
Red Hat Enterprise Linux 7 kernel-alt Affected
Red Hat Enterprise Linux 7 kernel Affected
Red Hat Enterprise Linux 7 kernel-rt Affected
Red Hat Enterprise Linux 6 kernel Affected
Red Hat Enterprise Linux 5 kernel Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.

Acknowledgements

Red Hat would like to thank Peter Pi (Tencent Blade Team) for reporting this issue.

Mitigation

Option #1 Disabling vhost-net

Vhost-net functionality can be disabled on a per-guest basis. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-network_configuration-disabling_vhost_net.

Alternatively, the kernel module named 'vhost_net' which contains the affected code can be blacklisted using the standard blacklisting techniques. See https://access.redhat.com/solutions/41278 for how to blacklist a kernel module.

Guests utilizing vhost-net functionality need to be rebooted for the changes to take effect.
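As an added illustration of Option #1 (this is not code from the advisory or from Red Hat's tooling), the following Python audits a libvirt domain definition for virtio NICs that can use the in-kernel vhost_net backend and rewrites them to the userspace backend with `<driver name='qemu'/>`, the per-guest setting the linked guide describes. The domain XML below is a constructed sample; the element names follow the libvirt domain schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample libvirt domain XML (not taken from a real host).
# NIC 1 explicitly selects vhost, NIC 2 is virtio with no <driver>
# (libvirt/QEMU then use vhost_net when the module is loaded),
# NIC 3 is an emulated e1000 and never uses vhost-net.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
      <driver name='vhost'/>
    </interface>
    <interface type='network'>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
    <interface type='network'>
      <source network='default'/>
      <model type='e1000'/>
    </interface>
  </devices>
</domain>"""


def _can_use_vhost(iface):
    """True for a virtio NIC that is not pinned to the qemu backend."""
    model = iface.find('model')
    if model is None or model.get('type') != 'virtio':
        return False
    driver = iface.find('driver')
    return driver is None or driver.get('name') != 'qemu'


def count_vhost_interfaces(domain_xml):
    """Number of NICs in the domain that may be served by vhost_net."""
    root = ET.fromstring(domain_xml)
    return sum(_can_use_vhost(i) for i in root.iter('interface'))


def disable_vhost(domain_xml):
    """Return (hardened_xml, changed): every eligible virtio NIC gets
    <driver name='qemu'/>; other <driver> attributes are preserved."""
    root = ET.fromstring(domain_xml)
    changed = 0
    for iface in root.iter('interface'):
        if not _can_use_vhost(iface):
            continue
        driver = iface.find('driver')
        if driver is None:
            driver = ET.SubElement(iface, 'driver')
        driver.set('name', 'qemu')
        changed += 1
    return ET.tostring(root, encoding='unicode'), changed
```

The rewritten XML still has to be loaded with `virsh define` and the guest restarted before the change takes effect.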

Option #2 Disabling guest migration

The issue is only exploitable from the guest while migration is underway, so avoiding migration, either by disabling automatic migration completely or by not migrating guests manually, is an effective way to avoid exploitation.

External References