CVE-2019-14821 HIGH

CVE-2019-14821

Vendor Linux

Product Kernel

Weakness CWE-787

Published September 19, 2019

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Key dates

02Disclosure timeline

September 19, 2019 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-14821 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

CVE-2019-14821

01Description

02Disclosure timeline

03References

04Related CVE