Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2019-14821

Published: 1 October 2019

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

From the Ubuntu Security Team

Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash).

Notes

AuthorNote
tyhicks
An attacker needs write access to the /dev/kvm device file to exploit
this flaw. By default, Ubuntu users don't have privileges to write to
/dev/kvm. This is true even when libvirt is installed and in use.

Mitigation

Ensure that untrusted users cannot write to the /dev/kvm device

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
linux-aws-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1021.24~18.04.1)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-azure
Launchpad, Ubuntu, Debian
disco
Released (5.0.0-1023.24)
eoan Not vulnerable
(5.3.0-1002.2)
focal Not vulnerable
(5.4.0-1006.6)
bionic
Released (5.0.0-1023.24~18.04.1)
trusty
Released (4.15.0-1061.66~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (5.4~rc1)
xenial
Released (4.15.0-1061.66)
linux-azure-5.3
Launchpad, Ubuntu, Debian
eoan Does not exist

focal Does not exist

bionic Not vulnerable
(5.3.0-1007.8~18.04.1)
disco Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-gcp-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1008.9~18.04.1)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-gke-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1011.12~18.04.1)
eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-66.75)
disco
Released (5.0.0-32.34)
eoan Not vulnerable
(5.3.0-17.18)
focal Not vulnerable
(5.4.0-9.12)
trusty Ignored
(was needed ESM criteria)
upstream
Released (5.4~rc1)
xenial
Released (4.4.0-166.195)
Patches:
Introduced by

5f94c1741bdc7a336553122036e8a779e616ccbf

Fixed by b60fe990c6b07ef6d4df67bc0530c7c90a62623a
linux-aws
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1052.54)
disco
Released (5.0.0-1019.21)
eoan Not vulnerable
(5.3.0-1003.3)
focal Not vulnerable
(5.4.0-1005.5)
trusty
Released (4.4.0-1056.60)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (5.4~rc1)
xenial
Released (4.4.0-1096.107)
linux-aws-hwe
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-1052.54~16.04.1)
linux-azure-edge
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1023.24~18.04.1)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-1061.66)
linux-gcp
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1021.21~18.04.1)
disco
Released (5.0.0-1021.21)
eoan Not vulnerable
(5.3.0-1003.3)
focal Not vulnerable
(5.4.0-1005.5)
trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-1047.50)
linux-gcp-edge
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1021.21~18.04.1)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-gke-4.15
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1046.49)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-gke-5.0
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1023.23~18.04.2)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-32.34~18.04.2)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-66.75~16.04.1)
linux-hwe-edge
Launchpad, Ubuntu, Debian
bionic Ignored
(end of life, was pending)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-66.75~16.04.1)
linux-kvm
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1048.48)
disco
Released (5.0.0-1020.21)
eoan Not vulnerable
(5.3.0-1003.3)
focal Not vulnerable
(5.4.0-1004.4)
trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.4.0-1060.67)
linux-lts-trusty
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

eoan Does not exist

focal Does not exist

trusty
Released (4.4.0-166.195~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
upstream
Released (5.4~rc1)
xenial Does not exist

linux-oem
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1059.68)
disco Ignored
(end of life)
eoan
Released (4.15.0-1059.68)
focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Ignored
(end of standard support, was needs-triage)
linux-oem-5.6
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Does not exist

focal Not vulnerable
(5.4.0-1002.4)
trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-oem-osp1
Launchpad, Ubuntu, Debian
bionic
Released (5.0.0-1025.28)
disco Ignored
(end of life)
eoan
Released (5.0.0-1025.28)
focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-oracle
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1027.30)
disco Ignored
(end of life, was pending)
eoan Not vulnerable
(5.3.0-1002.2)
focal Not vulnerable
(5.4.0-1005.5)
trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.15.0-1027.30~16.04.1)
linux-oracle-5.0
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.0.0-1007.12~18.04.1)
disco Does not exist

eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-oracle-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1011.12~18.04.1)
eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1049.53)
disco
Released (5.0.0-1020.20)
eoan Not vulnerable
(5.3.0-1006.7)
focal Not vulnerable
(5.4.0-1004.4)
trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.4.0-1124.133)
linux-raspi2-5.3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(5.3.0-1017.19~18.04.1)
eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial Does not exist

linux-snapdragon
Launchpad, Ubuntu, Debian
bionic
Released (4.15.0-1066.73)
disco
Released (5.0.0-1024.25)
eoan Does not exist

focal Does not exist

trusty Does not exist

upstream
Released (5.4~rc1)
xenial
Released (4.4.0-1128.136)

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Changed
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H