CVE-2019-3882
kernel: denial of service vector through vfio DMA mappings
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Se encontró un fallo en la implementación de la interfaz vfio del kernel de Linux que permite la violación del límite de memoria bloqueada del usuario. Si un dispositivo está vinculado a un controlador vfio, como vfio-pci, y al atacante local se le otorga la propiedad del dispositivo, puede provocar un agotamiento de la memoria del sistema y, por lo tanto, una Denegación de Servicio( DoS) (DoS). Las versiones 3.10, versión 4.14 y versión 4.18 son vulnerables.
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS).
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-03 CVE Reserved
- 2019-04-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Aug/18 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190517-0005 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882 | 2023-02-12 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html | 2023-02-12 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html | 2023-02-12 | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:2029 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:2043 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:3309 | 2023-02-12 | |
| https://access.redhat.com/errata/RHSA-2019:3517 | 2023-02-12 | |
| https://usn.ubuntu.com/3979-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3980-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3980-2 | 2023-02-12 | |
| https://usn.ubuntu.com/3981-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3981-2 | 2023-02-12 | |
| https://usn.ubuntu.com/3982-1 | 2023-02-12 | |
| https://usn.ubuntu.com/3982-2 | 2023-02-12 | |
| https://www.debian.org/security/2019/dsa-4497 | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2019-3882 | 2019-11-05 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1689426 | 2019-11-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | Cn1610 Firmware Search vendor "Netapp" for product "Cn1610 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Cn1610 Search vendor "Netapp" for product "Cn1610" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 3.10 Search vendor "Linux" for product "Linux Kernel" and version "3.10" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.14 Search vendor "Linux" for product "Linux Kernel" and version "4.14" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 4.18 Search vendor "Linux" for product "Linux Kernel" and version "4.18" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.3 Search vendor "Opensuse" for product "Leap" and version "42.3" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager For Vmware Vsphere Search vendor "Netapp" for product "Active Iq Unified Manager For Vmware Vsphere" | >= 9.5 Search vendor "Netapp" for product "Active Iq Unified Manager For Vmware Vsphere" and version " >= 9.5" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Management Node Search vendor "Netapp" for product "Hci Management Node" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapprotect Search vendor "Netapp" for product "Snapprotect" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere" | >= 7.2 Search vendor "Netapp" for product "Storage Replication Adapter For Clustered Data Ontap For Vmware Vsphere" and version " >= 7.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Vasa Provider For Clustered Data Ontap Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" | >= 7.2 Search vendor "Netapp" for product "Vasa Provider For Clustered Data Ontap" and version " >= 7.2" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Virtual Storage Console For Vmware Vsphere Search vendor "Netapp" for product "Virtual Storage Console For Vmware Vsphere" | >= 7.2 Search vendor "Netapp" for product "Virtual Storage Console For Vmware Vsphere" and version " >= 7.2" | - |
Affected
| ||||||