CVE-2019-14835
Published: 17 September 2019
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
From the Ubuntu Security Team
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
Priority
High
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-64.73)
|
| disco |
Released
(5.0.0-29.31)
|
|
| eoan |
Not vulnerable
(5.3.0-12.13)
|
|
| precise |
Released
(3.2.0-143.190)
|
|
| trusty |
Released
(3.13.0-173.224)
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.4.0-164.192)
|
|
|
Patches: Introduced by 3a4d5c94e959359ece6d6b55045c3f046677f55c |
||
|
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.52)
|
| disco |
Released
(5.0.0-1016.18)
|
|
| eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-1054.58)
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.4.0-1094.105)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-1050.52~16.04.1)
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1020.21~18.04.1)
|
| disco |
Released
(5.0.0-1020.21)
|
|
| eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.15.0-1059.64~14.04.1)
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-1059.64)
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1020.21~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-1059.64)
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.70)
|
| disco |
Released
(5.0.0-1017.17)
|
|
| eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-1044.46)
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.70)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.46)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1017.17~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-29.31~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-64.73~16.04.1)
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(was pending \[5.3.0-19.20~18.04.2\] now end-of-life)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-64.73~16.04.1)
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1046.46)
|
| disco |
Released
(5.0.0-1017.18)
|
|
| eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.4.0-1058.65)
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Released
(3.13.0-173.224~12.04.1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(4.4.0-164.192~14.04.1)
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.65)
|
| disco |
Ignored
(was pending \[4.15.0-1056.65\] now end-of-life)
|
|
| eoan |
Released
(4.15.0-1059.68)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Ignored
(was needs-triage now end-of-life)
|
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1022.24)
|
| disco |
Ignored
(was pending \[5.0.0-1022.24\] now end-of-life)
|
|
| eoan |
Released
(5.0.0-1022.24)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1025.28)
|
| disco |
Released
(5.0.0-1004.8)
|
|
| eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.15.0-1025.28~16.04.1)
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
| disco |
Does not exist
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.51)
|
| disco |
Released
(5.0.0-1017.17)
|
|
| eoan |
Not vulnerable
(5.0.0-1017.17)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.4.0-1122.131)
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1064.71)
|
| disco |
Released
(5.0.0-1021.22)
|
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(5.3)
|
|
| xenial |
Released
(4.4.0-1126.132)
|
|