CVE-2019-18844

{"id": "CVE-2019-18844", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-11-13T20:15:11.020", "references": [{"url": "https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/projectacrn/acrn-hypervisor/issues/3252", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1."}, {"lang": "es", "value": "El modelo de dispositivo en ACRN antes de 2019w25.5-140000p se basa en llamadas de afirmaci\u00f3n en devicemodel / hw / pci / core.c y devicemodel / include / pci_core.h (en lugar de otros mecanismos para propagar informaci\u00f3n de error o informaci\u00f3n de diagn\u00f3stico), lo que podr\u00eda permitir atacantes para causar una denegaci\u00f3n de servicio (falla de aserci\u00f3n) dentro de pci core. Esto se soluciona en 1.2. 6199e653418e es una mitigaci\u00f3n para las versiones anteriores a la versi\u00f3n 1.1, mientras que 2b3dedfb9ba1 es una mitigaci\u00f3n para 1.1."}], "lastModified": "2020-11-09T21:46:29.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:acrn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "230540A5-B9A3-4A5E-9DB3-0AE1785537E4", "versionEndExcluding": "2019w25.5-140000p"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}