Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3882

Опубликовано: 24 апр. 2019
Источник: nvd
CVSS3: 4.7
CVSS3: 5.5
CVSS2: 4.9
EPSS Низкий

Описание

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.18:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*
Версия от 9.5 (включая)
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere:*:*:*:*:*:*:*:*
Версия от 7.2 (включая)
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
Версия от 7.2 (включая)
cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere:*:*:*:*:*:*:*:*
Версия от 7.2 (включая)
Конфигурация 7

Одновременно

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

EPSS

Процентиль: 11%
0.00038
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-770
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2019-3882

CVSS3: 5.5
ubuntu
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

redhat логотип

CVE-2019-3882

CVSS3: 4.7
redhat
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

debian логотип

CVE-2019-3882

CVSS3: 5.5
debian
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation t ...

github логотип

GHSA-xmpq-jcv6-q64p

CVSS3: 5.5
github
около 3 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

fstec логотип

BDU:2019-03629

CVSS3: 5.5
fstec
около 6 лет назад

Уязвимость драйвера vfio ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 11%
0.00038
Низкий

4.7 Medium

CVSS3

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-770
CWE-770