CVE-2019-14821

NameCVE-2019-14821
DescriptionAn out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1930-1, DLA-1940-1, DSA-4531-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.304-1fixed
bullseye5.10.209-2fixed
bullseye (security)5.10.205-2fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.85-1fixed
trixie6.6.15-2fixed
sid6.7.9-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie3.16.74-1DLA-1930-1
linuxsourcestretch4.9.189-3+deb9u1DSA-4531-1
linuxsourcebuster4.19.67-2+deb10u1DSA-4531-1
linuxsource(unstable)5.2.17-1
linux-4.9sourcejessie4.9.189-3+deb9u1~deb8u1DLA-1940-1

Notes

https://git.kernel.org/linus/b60fe990c6b07ef6d4df67bc0530c7c90a62623a
Search for package or bug name: Reporting problems