Vulnerability Database

CVE-2019-14835

A buffer overflow flaw was found in Linux kernel versions 2.6.34 through 5.2.x, in the way the kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged buffer descriptors during migration. A privileged guest user able to pass descriptors with an invalid length to the host while migration is underway could use this flaw to increase their privileges on the host.

  • Published: Sep 17, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-14835
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.2
  • Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

| Software | From | Fixed in |
| --- | --- | --- |
| linux / linux_kernel | 5.3 | 5.3.x |
| linux / linux_kernel | 5.2 | 5.2.15 |
| linux / linux_kernel | 4.19 | 4.19.73 |
| linux / linux_kernel | 2.6.34 | 3.16.74 |
| linux / linux_kernel | 4.14 | 4.14.144 |
| linux / linux_kernel | 4.4 | 4.4.193 |
| linux / linux_kernel | 4.9 | 4.9.193 |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.04 | 19.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| fedoraproject / fedora | 29 | 29.x |
| fedoraproject / fedora | 30 | 30.x |
| opensuse / leap | 15.0 | 15.0.x |
| opensuse / leap | 15.1 | 15.1.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_aus | 7.2 | 7.2.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_tus | 7.2 | 7.2.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_aus | 6.6 | 6.6.x |
| redhat / enterprise_linux_server_aus | 6.5 | 6.5.x |
| redhat / enterprise_linux_for_real_time | 7 | 7.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_server_tus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_tus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.5 | 7.5.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / openshift_container_platform | 3.11 | 3.11.x |
| redhat / enterprise_linux_eus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server | 7.6 | 7.6.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| redhat / enterprise_linux_for_real_time | 8 | 8.x |
| redhat / virtualization | 4.0 | 4.0.x |
| redhat / virtualization_host | 4.0 | 4.0.x |
| huawei / manageone | 6.5.0 | 6.5.0.x |
| huawei / imanager_neteco_6000 | 600r008c10spc300 | 600r008c10spc300.x |
| huawei / imanager_neteco_6000 | 600r008c20 | 600r008c20.x |
| huawei / imanager_neteco | 600r009c00 | 600r009c00.x |
| huawei / imanager_neteco | 600r009c10spc200 | 600r009c10spc200.x |
| huawei / manageone | 6.5.0.spc100.b210 | 6.5.0.spc100.b210.x |
| huawei / manageone | 6.5.1rc1.b060 | 6.5.1rc1.b060.x |
| huawei / manageone | 6.5.1rc1.b080 | 6.5.1rc1.b080.x |
| huawei / manageone | 6.5.rc2.b050 | 6.5.rc2.b050.x |