Published: 09/01/2020 Updated: 12/02/2023

CVSS v2 Base Score: 5.6 | Impact Score: 7.8 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.1 | Impact Score: 4.2 | Exploitability Score: 1.8

VMScore: 498

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:C

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 up to and including 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 7.0
redhat enterprise linux 8.0

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...

Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

A memory leak in the crypto_report() function in crypto/crypto_user_basec in the Linux kernel through 5311 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (CVE-2019-19062) An out-of-bounds memory write issue was found in the Linux Kernel, version 313 through 5 ...

Several security issues were fixed in the Linux kernel ...

oss-sec mailing list archives   By Date By Thread </form>    CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid   ...

CWE-787 https://www.openwall.com/lists/oss-security/2019/12/16/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332 http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html https://usn.ubuntu.com/4254-1/https://usn.ubuntu.com/4254-2/https://security.netapp.com/advisory/ntap-20200204-0002/https://usn.ubuntu.com/4258-1/https://usn.ubuntu.com/4287-1/https://usn.ubuntu.com/4287-2/https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://usn.ubuntu.com/4284-1/http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:4062 https://usn.ubuntu.com/4287-2/https://alas.aws.amazon.com/AL2/ALAS-2020-1392.html

CVE-2019-19332

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect