PT-2019-3456 · Linux · Linux Kernel
Alex Williamson · Published 2019-04-02 · Updated 2024-06-15
CVE-2019-3882
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 3.10, 4.14, and 4.18
Description
A flaw in the Linux kernel's vfio interface implementation allows for the violation of a user's locked memory limit, potentially causing system memory exhaustion and a denial of service (DoS). This issue can be exploited if a device is bound to a vfio driver and the attacker has administrative ownership of the device.
Recommendations
For version 3.10, update to a fixed version to resolve the issue.
For version 4.14, update to a fixed version to resolve the issue.
For version 4.18, update to a fixed version to resolve the issue.
As a temporary workaround, consider restricting access to vfio drivers, such as vfio-pci, to minimize the risk of exploitation.
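A check for the workaround above, as an added example rather than code from this advisory or the kernel project: it lists the devices bound to vfio-pci, resolves each one's IOMMU group, and reports whether the matching `/dev/vfio/<group>` node can be opened by a non-root account. The function names and the optional sysfs and device-directory arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: audit who can open the VFIO group nodes of devices bound to vfio-pci.
# The sysfs root and the /dev/vfio directory can be overridden (assumed arguments)
# so the functions can also be run against a copied or constructed tree.

# Print "<pci-address> <iommu-group>" for every device bound to vfio-pci.
vfio_bound_groups() {
    local sysfs="${1:-/sys}" drv link bdf
    drv="$sysfs/bus/pci/drivers/vfio-pci"
    [ -d "$drv" ] || return 0          # driver not loaded: nothing is bound
    for link in "$drv"/*; do
        bdf="${link##*/}"
        # Device entries look like 0000:01:00.0; skip bind, unbind, module, ...
        case "$bdf" in *:*:*.*) ;; *) continue ;; esac
        [ -e "$link/iommu_group" ] || continue
        printf '%s %s\n' "$bdf" "$(basename "$(readlink -f "$link/iommu_group")")"
    done
}

# Return 0 when a node with this owner uid and octal mode is usable by a
# non-root account: owned by a non-root user, or any group/other bit set.
vfio_node_exposed() {
    local uid="$1" mode="$2"
    [ "$uid" -ne 0 ] || [ $(( 0$mode & 077 )) -ne 0 ]
}

# Print one line per bound device: address, group, node owner, mode, verdict.
vfio_audit() {
    local sysfs="${1:-/sys}" devdir="${2:-/dev/vfio}" bdf grp node uid mode verdict
    vfio_bound_groups "$sysfs" | while read -r bdf grp; do
        node="$devdir/$grp"
        if [ ! -e "$node" ]; then
            echo "$bdf group=$grp node=missing"
            continue
        fi
        uid="$(stat -c %u "$node")"
        mode="$(stat -c %a "$node")"
        if vfio_node_exposed "$uid" "$mode"; then verdict=EXPOSED; else verdict=root-only; fi
        echo "$bdf group=$grp uid=$uid mode=$mode $verdict"
    done
}

vfio_audit "$@"
```

Lines marked EXPOSED identify group nodes whose ownership or mode should be reviewed against the set of accounts that are meant to drive the device.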
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu