PT-2019-3740 · Linux+5 · Linux Kernel+5

Felix Wilhelm

·

Published

2019-02-07

·

Updated

2024-06-15

·

CVE-2019-7222

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.20.5
Description The issue is related to a lack of protection for internal data in the Linux kernel, specifically in the KVM implementation. This can be exploited to reveal protected information by emulating certain instructions, such as VMXON, VMCLEAR, VMPTRLD, and VMWRITE, using a memory address as an operand. The estimated number of potentially affected devices is not specified.
Recommendations For Linux kernel versions through 4.20.5, update to a version later than 4.20.5 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2019-1231
ALT-PU-2019-1251
ALT-PU-2019-1252
ALT-PU-2019-1285
ALT-PU-2019-1286
ALT-PU-2019-1363
ALT-PU-2019-2213
ALT-PU-2019-2234
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
BDU:2019-03996
CESA-2019_2029
CESA-2019_3309
CESA-2019_3517
CVE-2019-7222
DLA-1731-1
DLA-1731-2
DLA-1771-1
MGASA-2019-0097
MGASA-2019-0098
MGASA-2019-0171
OPENSUSE-SU-2019:0203-1
OPENSUSE-SU-2019_0203-1
OPENSUSE-SU-2019_0274-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2019:2029
RHSA-2019:2043
RHSA-2019:3309
RHSA-2019:3517
RHSA-2019_2029
RHSA-2019_2043
RHSA-2019_3309
RHSA-2019_3517
SUSE-SU-2019:0541-1
SUSE-SU-2019:0765-1
SUSE-SU-2019:0767-1
SUSE-SU-2019:0784-1
SUSE-SU-2019:0785-1
SUSE-SU-2019:0828-1
SUSE-SU-2019:0901-1
SUSE-SU-2019:1289-1
SUSE-SU-2019:13979-1
USN-3930-1
USN-3930-2
USN-3931-1
USN-3931-2
USN-3932-1
USN-3932-2
USN-3933-1
USN-3933-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu