CVE-2019-19332

{"id": "CVE-2019-19332", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:C", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2020-01-09T15:15:10.623", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html", "source": "secalert@redhat.com"}, {"url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html", "source": "secalert@redhat.com"}, {"url": "https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/", "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20200204-0002/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4254-1/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4254-2/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4258-1/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4284-1/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4287-1/", "source": "secalert@redhat.com"}, {"url": "https://usn.ubuntu.com/4287-2/", "source": "secalert@redhat.com"}, {"url": "https://www.openwall.com/lists/oss-security/2019/12/16/1", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 un problema de escritura de memoria fuera de l\u00edmites en el kernel de Linux, versiones 3.13 hasta 5.4, en la manera en que el hipervisor KVM del kernel de Linux manej\u00f3 la petici\u00f3n \"KVM_GET_EMULATED_CPUID\" ioctl(2) para obtener las funcionalidades de CPUID emuladas por el hipervisor KVM. Un usuario o proceso capaz de acceder al dispositivo \"/dev/kvm\" podr\u00eda usar este fallo para bloquear el sistema, resultando en una denegaci\u00f3n de servicio."}], "lastModified": "2023-02-12T23:37:11.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52C0AE8C-3A02-4B84-89B2-48EFADBDE7FD", "versionEndIncluding": "5.4", "versionStartIncluding": "3.13"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}