Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-7221

Опубликовано: 07 фев. 2019
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system.

Отчет

This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue. Note: Impact on Red Hat Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-altNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2019:083323.04.2019
Red Hat Enterprise Linux 7kernelFixedRHSA-2019:081823.04.2019
Red Hat Enterprise Linux 7.4 Advanced Update SupportkernelFixedRHSA-2019:405803.12.2019
Red Hat Enterprise Linux 7.4 Telco Extended Update SupportkernelFixedRHSA-2019:405803.12.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1671904Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer

EPSS

Процентиль: 29%
0.00102
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-7221

CVSS3: 7.8
ubuntu
около 6 лет назад

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

nvd логотип

CVE-2019-7221

CVSS3: 7.8
nvd
около 6 лет назад

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

debian логотип

CVE-2019-7221

CVSS3: 7.8
debian
около 6 лет назад

The KVM implementation in the Linux kernel through 4.20.5 has a Use-af ...

github логотип

GHSA-jc59-87wq-g5xp

CVSS3: 7.8
github
около 3 лет назад

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

fstec логотип

BDU:2019-01352

CVSS3: 7.8
fstec
больше 6 лет назад

Уязвимость подсистемы виртуализации Kernel-based Virtual Machine (KVM) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 29%
0.00102
Низкий

7.5 High

CVSS3