Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2019-14835

Published: 17/09/2019 Updated: 15/12/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 5.3

linux linux kernel

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 29

fedoraproject fedora 30

opensuse leap 15.0

opensuse leap 15.1

netapp aff_a700s_firmware -

netapp h410c_firmware -

netapp h610s_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp steelstore cloud integrated storage -

netapp service processor -

netapp data availability services -

netapp solidfire -

netapp hci management node -

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.2

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.6

redhat enterprise linux server aus 6.5

redhat enterprise linux for real time 7

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux server tus 7.6

redhat enterprise linux server aus 7.6

redhat openshift container platform 3.11

redhat enterprise linux eus 7.6

redhat enterprise linux server 7.6

redhat enterprise linux 8.0

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

redhat enterprise linux for real time 8

redhat virtualization 4.0

redhat virtualization_host 4.0

huawei manageone 6.5.0

huawei imanager neteco 6000 v600r008c10spc300

huawei imanager neteco 6000 v600r008c20

huawei imanager neteco v600r009c00

huawei imanager neteco v600r009c10spc200

huawei manageone 6.5.0.spc100.b210

huawei manageone 6.5.1rc1.b060

huawei manageone 6.5.1rc1.b080

huawei manageone 6.5.rc2.b050

Vendor Advisories

Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-gke-5.0, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-lts-trusty, linux-lts-xenial vulnerabilities
Several security issues were fixed in the Linux kernel ...
Debian Security Advisories: DSA-4531-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel A local attacker permitted to access /dev/kvm cou ...
Amazon Linux 2: ALAS2-2019-1293
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process An unprivileged host user or process w ...
Amazon Linux AMI: ALAS-2019-1293
An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process An unprivileged host user or process w ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: kernel-alt security update
Synopsis Important: kernel-alt security update Type/Severity Security Advisory: Important Topic An update for kernel-alt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Important: redhat-virtualization-host security update
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 42 for Red Hat Enterprise Linux 76 EUSRed Hat Product Security has ra ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for RHEL-76Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which g ...
Red Hat: Important: redhat-virtualization-host security update
Synopsis Important: redhat-virtualization-host security update Type/Severity Security Advisory: Important Topic An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this ...
Red Hat: Important: kernel-rt security update
Synopsis Important: kernel-rt security update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base sc ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP Sol ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kernel security update
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: kpatch-patch security update
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update Support, Red Hat Enterprise Linux 73 Telco Extended Update Support, and Red Hat Enterprise Linux 73 Update Services ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Advanced Update Support, Red Hat Enterprise Linux 72 Telco Extended Update Support, and Red Hat Enterprise Linux 72 Update Services ...
Red Hat: CVE-2019-14835
Impact: Important Public Date: 2019-09-17 CWE: CWE-120 Bugzilla: 1750727: CVE-2019-14835 kernel: vhost- ...
Huawei Security Advisories: Security Advisory - Buffer Overflow Vulnerability in QEMU-KVM
There is a buffer overflow vulnerability in the vhost module of QEMU-KVM During the hot migration of the target VM, an attacker with guest user account may send descriptors with invalid length to the affected host to exploit this vulnerability Successfully exploited may cause the kernel buffer overflow and triggered to VM escape (Vulnerability I ...

Mailing Lists

Full Disclosure: Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: CVE-2019-14835: QEMU-KVM Guest to Host Kernel Escape Vulnerability: vhost/vhost_net kernel buffer overflow <!--X-Subject-H ...

Recent Articles

How to break out of a hypervisor: Abuse Qemu-KVM on-Linux pre-5.3 – or VMware with an AMD driver
The Register • Shaun Nichols in San Francisco • 18 Sep 2019

Pair of bug reports show how VM escapes put servers at risk

A pair of newly disclosed security flaws could allow malicious virtual machine guests to break out of their hypervisor's walled gardens and execute malicious code on the host box. Both CVE-2019-14835 and CVE-2019-5049 are not particularly easy to exploit as they require specific types of hardware or events to occur. However, if successful, either could allow a miscreant to run malware on the host from a VM instance. CVE-2019-14835 was discovered and reported by Peter Pi, a member of the Tencent ...

Read more...

References

CWE-120https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835https://www.openwall.com/lists/oss-security/2019/09/17/1https://usn.ubuntu.com/4135-2/https://access.redhat.com/errata/RHSA-2019:2828https://access.redhat.com/errata/RHSA-2019:2827https://access.redhat.com/errata/RHSA-2019:2830https://access.redhat.com/errata/RHSA-2019:2829https://access.redhat.com/errata/RHSA-2019:2854https://access.redhat.com/errata/RHSA-2019:2863https://access.redhat.com/errata/RHSA-2019:2862https://access.redhat.com/errata/RHSA-2019:2865https://access.redhat.com/errata/RHSA-2019:2864https://access.redhat.com/errata/RHSA-2019:2866https://access.redhat.com/errata/RHSA-2019:2867https://access.redhat.com/errata/RHSA-2019:2869http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.htmlhttp://www.openwall.com/lists/oss-security/2019/09/24/1https://access.redhat.com/errata/RHSA-2019:2889http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.htmlhttps://seclists.org/bugtraq/2019/Sep/41https://www.debian.org/security/2019/dsa-4531https://lists.debian.org/debian-lts-announce/2019/09/msg00025.htmlhttps://access.redhat.com/errata/RHSA-2019:2900https://access.redhat.com/errata/RHSA-2019:2901https://access.redhat.com/errata/RHSA-2019:2899https://access.redhat.com/errata/RHSA-2019:2924https://usn.ubuntu.com/4135-1/https://lists.debian.org/debian-lts-announce/2019/10/msg00000.htmlhttp://www.openwall.com/lists/oss-security/2019/10/03/1http://www.openwall.com/lists/oss-security/2019/10/09/3http://www.openwall.com/lists/oss-security/2019/10/09/7https://access.redhat.com/errata/RHBA-2019:2824http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.htmlhttps://security.netapp.com/advisory/ntap-20191031-0005/https://seclists.org/bugtraq/2019/Nov/11http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-enhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/https://nvd.nist.govhttps://usn.ubuntu.com/4135-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook