#VU21257 Buffer overflow in Linux kernel - CVE-2019-14835

 


Published: September 22, 2019


Vulnerability identifier: #VU21257
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-14835
CWE-ID: CWE-119
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error within the vhost/vhost_net Linux kernel module during the live migration flow when processing dirty log entries. A privileged guest user can pass descriptors with an invalid length to the host while migration is under way, trigger a buffer overflow and execute arbitrary code on the host OS.


Remediation

Install updates from the vendor's website.
