{ "threat_severity" : "Important", "public_date" : "2019-09-17T00:00:00Z", "bugzilla" : { "description" : "kernel: vhost-net: guest to host kernel escape during migration", "id" : "1750727", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1750727" }, "cvss3" : { "cvss3_base_score" : "7.2", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-120", "details" : [ "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.", "A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled hosts running Linux guests." ], "statement" : "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost", "acknowledgement" : "Red Hat would like to thank Peter Pi (Tencent Blade Team) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2863", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-754.23.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2901", "cpe" : "cpe:/o:redhat:rhel_aus:6.5", "package" : "kernel-0:2.6.32-431.96.2.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2869", "cpe" : "cpe:/o:redhat:rhel_aus:6.6", "package" : "kernel-0:2.6.32-504.81.2.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2830", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1062.1.2.rt56.1025.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2829", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1062.1.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-09-21T00:00:00Z", "advisory" : "RHSA-2019:2854", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2862", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-alt-0:4.14.0-115.13.1.el7a" }, { "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2899", "cpe" : "cpe:/o:redhat:rhel_aus:7.2", "package" : "kernel-0:3.10.0-327.82.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2899", "cpe" : "cpe:/o:redhat:rhel_tus:7.2", "package" : "kernel-0:3.10.0-327.82.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2899", "cpe" : "cpe:/o:redhat:rhel_e4s:7.2", "package" : "kernel-0:3.10.0-327.82.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2900", "cpe" : "cpe:/o:redhat:rhel_aus:7.3", "package" : "kernel-0:3.10.0-514.69.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2900", "cpe" : "cpe:/o:redhat:rhel_tus:7.3", "package" : "kernel-0:3.10.0-514.69.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date" : "2019-09-25T00:00:00Z", "advisory" : "RHSA-2019:2900", "cpe" : "cpe:/o:redhat:rhel_e4s:7.3", "package" : "kernel-0:3.10.0-514.69.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2867", "cpe" : "cpe:/o:redhat:rhel_aus:7.4", "package" : "kernel-0:3.10.0-693.59.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2867", "cpe" : "cpe:/o:redhat:rhel_tus:7.4", "package" : "kernel-0:3.10.0-693.59.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2867", "cpe" : "cpe:/o:redhat:rhel_e4s:7.4", "package" : "kernel-0:3.10.0-693.59.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2866", "cpe" : "cpe:/o:redhat:rhel_eus:7.5", "package" : "kernel-0:3.10.0-862.41.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2864", "cpe" : "cpe:/o:redhat:rhel_eus:7.6", "package" : "kernel-0:3.10.0-957.35.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Extended Update Support", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2865", "cpe" : "cpe:/o:redhat:rhel_eus:7.6", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2828", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-80.11.2.rt9.157.el8_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2019-09-20T00:00:00Z", "advisory" : "RHSA-2019:2827", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-80.11.2.el8_0" }, { "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-09-23T00:00:00Z", "advisory" : "RHSA-2019:2864", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "kernel-0:3.10.0-957.35.2.el7" }, { "product_name" : "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-09-27T00:00:00Z", "advisory" : "RHSA-2019:2924", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "redhat-virtualization-host-0:4.2-20190919.0.el7_6" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2019-09-24T00:00:00Z", "advisory" : "RHSA-2019:2889", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "redhat-virtualization-host-0:4.3.5-20190920.0.el7_7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14835\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\nhttps://www.openwall.com/lists/oss-security/2019/09/17/1" ], "csaw" : true, "name" : "CVE-2019-14835", "mitigation" : { "value" : "For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost", "lang" : "en:us" } }