Home > Vulnerability Database > CVE-2019-19332

Mend.io Vulnerability Database

CVE-2019-19332

Good to know:

Date: January 9, 2020

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

Language: C

Severity Score

6.1

Related Resources (25)

Url: https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/

Url: https://www.openwall.com/lists/oss-security/2019/12/16/1

Url: https://security-tracker.debian.org/tracker/CVE-2019-19332

Url: https://access.redhat.com/errata/RHSA-2020:4431

Url: https://access.redhat.com/errata/RHSA-2020:4609

Url: https://usn.ubuntu.com/4258-1/

Url: https://usn.ubuntu.com/4254-2/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19332

Url: http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html

Url: https://lore.kernel.org/kvm/000000000000ea5ec20598d90e50%40google.com/

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-19332

Url: https://security.netapp.com/advisory/ntap-20200204-0002/

Url: https://usn.ubuntu.com/4254-1/

Url: https://usn.ubuntu.com/4287-2/

Url: https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html

Url: https://usn.ubuntu.com/4287-1/

Url: https://access.redhat.com/security/cve/CVE-2019-19332

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332

Url: https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1779594

Url: https://access.redhat.com/errata/RHSA-2020:4062

Url: https://usn.ubuntu.com/4284-1/

Url: https://access.redhat.com/errata/RHSA-2020:4060

Url: http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html

Url: https://www.mend.io/vulnerability-database/CVE-2019-19332

Severity Score

6.1

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version v5.5-rc1,v3.16.79,v4.14.159,v4.19.89,v4.4.207,v4.9.207,v5.3.16,v5.4.3

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

CVSS v2

Base Score:	5.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-19332

Good to know:

Date: January 9, 2020

Language: C

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?