SB2019091918 - Privilege escalation in Linux kernel KVM hypervisor
Published: September 19, 2019 Updated: September 30, 2019
Security Bulletin ID
SB2019091918
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2019-14821)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the KVM coalesced MMIO support functionality due to incorrect processing of shared indexes. A local user can run a specially crafted application to trigger an out-of-bounds write error and write data to arbitrary address in the kernel memory.
Successful vulnerability exploitation may allow an attacker to execute arbitrary code on the system with root privileges.
Remediation
Install update from vendor's website.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.1
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.17
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.194
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.194
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.75
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.146
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4