Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-3882

Опубликовано: 02 апр. 2019
Источник: redhat
CVSS3: 4.7

Описание

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2019:204307.08.2019
Red Hat Enterprise Linux 7kernelFixedRHSA-2019:202906.08.2019
Red Hat Enterprise Linux 8kernel-rtFixedRHSA-2019:330905.11.2019
Red Hat Enterprise Linux 8kernelFixedRHSA-2019:351705.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1689426kernel: denial of service vector through vfio DMA mappings

4.7 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-3882

CVSS3: 5.5
ubuntu
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

nvd логотип

CVE-2019-3882

CVSS3: 5.5
nvd
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

debian логотип

CVE-2019-3882

CVSS3: 5.5
debian
около 6 лет назад

A flaw was found in the Linux kernel's vfio interface implementation t ...

github логотип

GHSA-xmpq-jcv6-q64p

CVSS3: 5.5
github
около 3 лет назад

A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

fstec логотип

BDU:2019-03629

CVSS3: 5.5
fstec
около 6 лет назад

Уязвимость драйвера vfio ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

4.7 Medium

CVSS3