PT-2019-4107 · Qemu+7 · Qemu-Kvm+7

Peter Pi · Published 2014-10-23 · Updated 2023-12-15 · CVE-2019-14835

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.34 through 5.2.x

Description

A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be exploited by a privileged guest user who can pass descriptors with invalid length to the host during migration, potentially increasing their privileges on the host. The issue is related to the vhost-net module, which is a network backend for virtio, and can be used to bypass isolation in systems based on QEMU-KVM.

Recommendations

For Linux kernel versions 2.6.34 through 5.2.x, consider disabling the vhost functionality or restricting access to it until a patch is available. As a temporary workaround, avoid using the vhost-net module during virtual machine migration. There is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2014-2297
ALT-PU-2015-1794
ALT-PU-2016-1262
ALT-PU-2017-1299
ALT-PU-2018-1557
ALT-PU-2019-1139
ALT-PU-2019-1363
ALT-PU-2019-2700
ALT-PU-2019-2701
ALT-PU-2019-2745
ALT-PU-2019-2768
ALT-PU-2019-2890
ALT-PU-2020-1024
ALT-PU-2020-2410
ALT-PU-2020-2433
BDU:2019-04676
CESA-2019_2827
CESA-2019_2828
CESA-2019_2829
CESA-2019_2863
CVE-2019-14835
DLA-1930-1
DLA-1940-1
DSA-4531-1
MGASA-2019-0287
MGASA-2019-0288
MGASA-2019-0333
OPENSUSE-SU-2019:2173-1
OPENSUSE-SU-2019:2181-1
OPENSUSE-SU-2019_2173-1
OPENSUSE-SU-2019_2181-1
RHSA-2019:2827
RHSA-2019:2828
RHSA-2019:2829
RHSA-2019:2830
RHSA-2019:2854
RHSA-2019:2862
RHSA-2019:2863
RHSA-2019:2864
RHSA-2019:2865
RHSA-2019:2866
RHSA-2019:2867
RHSA-2019:2869
RHSA-2019:2889
RHSA-2019:2899
RHSA-2019:2900
RHSA-2019:2901
RHSA-2019:2924
RHSA-2019_2827
RHSA-2019_2828
RHSA-2019_2829
RHSA-2019_2830
RHSA-2019_2863
SUSE-SU-2019:14218-1
SUSE-SU-2019:2412-1
SUSE-SU-2019:2414-1
SUSE-SU-2019:2424-1
SUSE-SU-2019:2572-1
SUSE-SU-2019:2600-1
SUSE-SU-2019:2601-1
SUSE-SU-2019:2613-1
SUSE-SU-2019:2648-1
SUSE-SU-2019:2651-1
SUSE-SU-2019:2658-1
SUSE-SU-2019:2738-1
SUSE-SU-2019:2756-1
SUSE-SU-2019:2821-1
SUSE-SU-2019:2864-1
SUSE-SU-2019:2949-1
SUSE-SU-2019:2950-1
SUSE-SU-2019:2984-1
SUSE-SU-2019:3200-1
SUSE-SU-2019_14218-1
SUSE-SU-2019_2572-1
SUSE-SU-2019_2613-1
SUSE-SU-2020:0093-1
SUSE-SU-2020:0183-1
USN-4135-1
USN-4135-2

Affected Products

Alt Linux
Centos
Huawei Vrp
Linux Kernel
Qemu-Kvm
Red Hat
Suse
Ubuntu