
CVE-2019-3882
Date: (C)2019-06-19   (M)2024-04-19


A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and a local attacker is administratively granted ownership of the device, the attacker may cause system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.5
Exploit Score: 1.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 4.9
Exploit Score: 3.9
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Reference:
https://seclists.org/bugtraq/2019/Aug/18
DSA-4497
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
USN-3979-1
USN-3980-1
USN-3980-2
USN-3981-1
USN-3981-2
USN-3982-1
USN-3982-2
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882
https://security.netapp.com/advisory/ntap-20190517-0005/
openSUSE-SU-2019:1404
openSUSE-SU-2019:1407
openSUSE-SU-2019:1479

CPE    3
cpe:/o:linux:linux_kernel:3.10
cpe:/o:linux:linux_kernel:4.14
cpe:/o:fedoraproject:fedora
CWE    1
CWE-400
OVAL    33
oval:org.secpod.oval:def:1504160
oval:org.secpod.oval:def:503399
oval:org.secpod.oval:def:66475
oval:org.secpod.oval:def:89050794
...

© SecPod Technologies