Vulnerability CVE-2019-3887


Published: 2019-04-09

Description:
A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.

Type:

CWE-20

(Improper Input Validation)

Vendor: Linux
Product: Linux kernel 
Version:
5.1.2
5.0.9
5.0.8
5.0.7
5.0.4
5.0.2
5.0.15
5.0.11
5.0.10
5.0
4.20.8
4.20.7
4.20.6
4.20.5
4.20.4
4.20.3
4.20.2
4.20.14
4.20.13
4.20.12
4.20.10
4.20.1
4.19.9
4.19.8
4.19.7
4.19.6
4.19.5
4.19.4
4.19.3
4.19.23
4.19.22
4.19.21
4.19.20
4.19.2
4.19.19
4.19.18
4.19.17
4.19.16
4.19.13
4.19.12
4.19.11
4.19.10
4.19.1
4.19
4.18.9
4.18.8
4.18.7
4.18.6
4.18.5
4.18.4
4.18.3
4.18.2
4.18.19
4.18.16
4.18.15
4.18.14
4.18.13
4.18.12
4.18.11
4.18.10
4.18.1
4.18
4.17.9
4.17.8
4.17.7
4.17.6
4.17.5
4.17.4
4.17.3
4.17.2
4.17.1
4.17
4.16.9
4.16.8
4.16.7
4.16.6
4.16.5
4.16.4
4.16.3
4.16.2
4.16.18
4.16.17
4.16.16
4.16.15
4.16.14
4.16.13
4.16.12
4.16.11
4.16.10
4.16.1
4.16
10.5.1
10.5.0
10.2.3
10.2.2
10.2.0

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete

 References:
http://www.securityfocus.com/bid/107850
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3887
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWPOIII2L73HV5PGXSGMRMKQIK47UIYE/
https://usn.ubuntu.com/3979-1/
https://usn.ubuntu.com/3980-1/
https://usn.ubuntu.com/3980-2/

Related CVE
CVE-2017-18509
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbi...
CVE-2019-14763
In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
CVE-2018-20961
In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-10142
A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. A...
CVE-2018-16871
A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence....
CVE-2017-18379
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.
CVE-2015-9289
In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values suc...

Copyright 2019, cxsecurity.com

 

Back to Top