CVE-2019-18844

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1.

El modelo de dispositivo en ACRN antes de 2019w25.5-140000p se basa en llamadas de afirmación en devicemodel / hw / pci / core.c y devicemodel / include / pci_core.h (en lugar de otros mecanismos para propagar información de error o información de diagnóstico), lo que podría permitir atacantes para causar una denegación de servicio (falla de aserción) dentro de pci core. Esto se soluciona en 1.2. 6199e653418e es una mitigación para las versiones anteriores a la versión 1.1, mientras que 2b3dedfb9ba1 es una mitigación para 1.1.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-11-09 CVE Reserved
2019-11-13 CVE Published
2024-08-05 CVE Updated
2024-11-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-617: Reachable Assertion

CAPEC

References (5)

URL	Tag	Source
https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p	Third Party Advisory
https://github.com/projectacrn/acrn-hypervisor/issues/3252	Third Party Advisory
https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa	2020-11-09
https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535	2020-11-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Acrn Search vendor "Linux" for product "Acrn"				< 2019w25.5-140000p Search vendor "Linux" for product "Acrn" and version " < 2019w25.5-140000p"		-		Affected