CVE-2019-14821

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.3

Description The issue is related to an out-of-bounds access problem in the Linux kernel's KVM hypervisor, specifically in the Coalesced MMIO write operation. This operation uses an MMIO ring buffer 'struct kvm coalesced mmio' object, where write indices 'ring->first' and 'ring->last' can be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could exploit this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

Recommendations For Linux kernel versions through 5.3, consider restricting access to the '/dev/kvm' device to minimize the risk of exploitation. As a temporary workaround, limiting the use of the Coalesced MMIO write operation until a patch is available may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.