CVE-2019-14835
Published: 17 September 2019
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
From the Ubuntu Security Team
Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS.
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-64.73)
|
disco |
Released
(5.0.0-29.31)
|
|
eoan |
Not vulnerable
(5.3.0-12.13)
|
|
trusty |
Released
(3.13.0-173.224)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-164.192)
|
|
Patches: Introduced by 3a4d5c94e959359ece6d6b55045c3f046677f55c |
||
linux-aws Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1050.52)
|
disco |
Released
(5.0.0-1016.18)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
trusty |
Released
(4.4.0-1054.58)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1094.105)
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1021.24~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1050.52~16.04.1)
|
|
linux-azure Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1020.21~18.04.1)
|
disco |
Released
(5.0.0-1020.21)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
trusty |
Released
(4.15.0-1059.64~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1059.64)
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1020.21~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1059.64)
|
|
linux-gcp Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.70)
|
disco |
Released
(5.0.0-1017.17)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1044.46)
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.70)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1044.46)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1017.17~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-29.31~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-64.73~16.04.1)
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of life, was pending)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-64.73~16.04.1)
|
|
linux-kvm Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1046.46)
|
disco |
Released
(5.0.0-1017.18)
|
|
eoan |
Not vulnerable
(5.3.0-1003.3)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1058.65)
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Released
(4.4.0-164.192~14.04.1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oem Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1056.65)
|
disco |
Ignored
(end of life, was pending)
|
|
eoan |
Released
(4.15.0-1059.68)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Ignored
(end of standard support, was needs-triage)
|
|
linux-oem-5.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
bionic |
Released
(5.0.0-1022.24)
|
disco |
Ignored
(end of life, was pending)
|
|
eoan |
Released
(5.0.0-1022.24)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-oracle Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1025.28)
|
disco |
Released
(5.0.0-1004.8)
|
|
eoan |
Not vulnerable
(5.3.0-1002.2)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.15.0-1025.28~16.04.1)
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.0.0-1007.12~18.04.1)
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1047.51)
|
disco |
Released
(5.0.0-1017.17)
|
|
eoan |
Not vulnerable
(5.0.0-1017.17)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1122.131)
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Does not exist
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
bionic |
Released
(4.15.0-1064.71)
|
disco |
Released
(5.0.0-1021.22)
|
|
eoan |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Released
(5.3)
|
|
xenial |
Released
(4.4.0-1126.132)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.8 |
Attack vector | Local |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |