Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-3882

Опубликовано: 24 апр. 2019
Источник: debian
EPSS Низкий

Описание

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
linuxfixed4.19.37-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2019/04/03/1

  • https://lore.kernel.org/lkml/155414977872.12780.13728555131525362206.stgit@gimli.home/T/#u

  • https://bugzilla.redhat.com/show_bug.cgi?id=1689426

  • Fixed by: https://git.kernel.org/linus/492855939bdb59c6f947b0b5b44af9ad82b7e38c

EPSS

Процентиль: 11%
0.00038
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-3882

CVSS3: 5.5
ubuntu
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

redhat логотип

CVE-2019-3882

CVSS3: 4.7
redhat
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

nvd логотип

CVE-2019-3882

CVSS3: 5.5
nvd
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

github логотип

GHSA-xmpq-jcv6-q64p

CVSS3: 5.5
github
около 3 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

fstec логотип

BDU:2019-03629

CVSS3: 5.5
fstec
около 6 лет назад

Уязвимость драйвера vfio ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 11%
0.00038
Низкий