Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2019-19332

Published: 09/01/2020 Updated: 12/02/2023
CVSS v2 Base Score: 5.6 | Impact Score: 7.8 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.1 | Impact Score: 4.2 | Exploitability Score: 1.8
VMScore: 498
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:C

Vulnerability Summary

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 up to and including 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Moderate: kernel-rt security and bug fix update
Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Red Hat: Moderate: kernel security, bug fix, and enhancement update
Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...
Amazon Linux AMI: ALAS-2020-1338
A memory leak in the crypto_report() function in crypto/crypto_user_basec in the Linux kernel through 5311 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (CVE-2019-19062) An out-of-bounds memory write issue was found in the Linux Kernel, version 313 through 5 ...
Amazon Linux 2: ALAS2-2020-1392
A memory leak in the crypto_report() function in crypto/crypto_user_basec in the Linux kernel through 5311 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042 (CVE-2019-19062) An out-of-bounds memory write issue was found in the Linux Kernel, version 313 through 5 ...
Ubuntu Security Notice: linux-azure vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-aws-5.0, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities
Several security issues were fixed in the Linux kernel ...

Mailing Lists

Full Disclosure: CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
Hello, It was found by Syzkaller -> lorekernelorg/kvm/000000000000ea5ec20598d90e50 () google com/ 'CVE-2019-19332' was assigned by Red Hat Inc Thank you -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D ...

References

CWE-787https://www.openwall.com/lists/oss-security/2019/12/16/1https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.htmlhttps://lists.debian.org/debian-lts-announce/2020/01/msg00013.htmlhttps://usn.ubuntu.com/4254-1/https://usn.ubuntu.com/4254-2/https://security.netapp.com/advisory/ntap-20200204-0002/https://usn.ubuntu.com/4258-1/https://usn.ubuntu.com/4287-1/https://usn.ubuntu.com/4287-2/https://lists.debian.org/debian-lts-announce/2020/03/msg00001.htmlhttps://usn.ubuntu.com/4284-1/http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.htmlhttps://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:4062https://usn.ubuntu.com/4287-2/https://alas.aws.amazon.com/ALAS-2020-1338.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316firmwareCVE-2024-30078CVE-2024-5995remote code executionlogic flawCVE-2024-20693CVE-2024-37315CVE-2024-5464
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook