PT-2019-2980 · Linux+4 · Linux Kernel+4

Marc Orr

Publicado

2019-04-05

Atualizado

2024-06-15

CVE-2019-3887

CVSS v3.1

6.7

Média

Vetor

AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel versions 4.16 and newer

Description The issue is related to a flaw in the KVM hypervisor's handling of x2APIC Machine Specific Register (MSR) access with nested virtualization enabled, allowing a guest to potentially access the host's APIC register values and crash the host kernel, resulting in a denial of service.

Recommendations For Linux Kernel versions 4.16 and newer, update to a version that includes a fix for this issue to prevent potential denial of service attacks.

Correção

DoS

Incorrect Authorization

RCE

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863CWE-20CWE-284

Identificadores relacionados

ALT-PU-2019-1663

ALT-PU-2019-1664

ALT-PU-2019-1665

ALT-PU-2019-1666

AZL-34854

AZL-6521

BDU:2019-02958

CESA-2019_2703

CESA-2019_2741

CVE-2019-3887

OPENSUSE-SU-2024:10728-1

OPENSUSE-SU-2024:13704-1

RHSA-2019:2703

RHSA-2019:2741

RHSA-2019_2703

RHSA-2019_2741

USN-3979-1

USN-3980-1

USN-3980-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Ubuntu

PT-2019-2980 · Linux+4 · Linux Kernel+4

CVE-2019-3887

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 239