{
  "threat_severity" : "Important",
  "public_date" : "2019-09-17T17:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: KVM: OOB memory access via mmio ring buffer",
    "id" : "1746708",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1746708"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.", "An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system." ],
  "statement" : "This issue requires unprivileged users to have access to '/dev/kvm' device. So restricting access to '/dev/kvm' device to known trusted users could limit its exploitation by untrusted users/processes.",
  "acknowledgement" : "Red Hat would like to thank Matt Delco (Google.com) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-12-17T00:00:00Z",
    "advisory" : "RHSA-2019:4256",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-754.25.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-26T00:00:00Z",
    "advisory" : "RHSA-2019:3978",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1062.7.1.rt56.1030.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-11-26T00:00:00Z",
    "advisory" : "RHSA-2019:3979",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1062.7.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-12-10T00:00:00Z",
    "advisory" : "RHSA-2019:4154",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-alt-0:4.14.0-115.16.1.el7a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-01-06T00:00:00Z",
    "advisory" : "RHSA-2020:0027",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kpatch-patch"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support",
    "release_date" : "2020-07-07T00:00:00Z",
    "advisory" : "RHSA-2020:2851",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.6",
    "package" : "kernel-0:3.10.0-957.56.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3309",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-147.rt24.93.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-11-05T00:00:00Z",
    "advisory" : "RHSA-2019:3517",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-147.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-01-22T00:00:00Z",
    "advisory" : "RHSA-2020:0204",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.0",
    "package" : "kernel-0:4.18.0-80.15.1.el8_0"
  }, {
    "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-07-07T00:00:00Z",
    "advisory" : "RHSA-2020:2851",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "kernel-0:3.10.0-957.56.1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel-alt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14821" ],
  "name" : "CVE-2019-14821",
  "mitigation" : {
    "value" : "Restrict access to the '/dev/kvm' device to trusted users.",
    "lang" : "en:us"
  },
  "csaw" : false
}