Lucene search

[email protected]NVD:CVE-2019-3882

HistoryApr 24, 2019 - 4:29 p.m.

CVE-2019-3882

2019-04-2416:29:02

CWE-770

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

A flaw was found in the Linux kernel’s vfio interface implementation that permits violation of the user’s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Affected configurations

NVD

Node

linuxlinux_kernelMatch3.10

linuxlinux_kernelMatch4.14

linuxlinux_kernelMatch4.18

Node

fedoraprojectfedora

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

canonicalubuntu_linuxMatch18.10

canonicalubuntu_linuxMatch19.04

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

opensuseleapMatch42.3

Node

netappactive_iq_unified_manager_for_vmware_vsphereRange9.5≥

netapphci_management_nodeMatch-

netappsnapprotectMatch-

netappsolidfireMatch-

netappstorage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphereRange7.2≥

netappvasa_provider_for_clustered_data_ontapRange7.2≥

netappvirtual_storage_console_for_vmware_vsphereRange7.2≥

Node

netappcn1610_firmwareMatch-

AND

netappcn1610Match-

References

lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html

lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html

access.redhat.com/errata/RHSA-2019:2029

access.redhat.com/errata/RHSA-2019:2043

access.redhat.com/errata/RHSA-2019:3309

access.redhat.com/errata/RHSA-2019:3517

bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882

lists.debian.org/debian-lts-announce/2019/05/msg00041.html

lists.debian.org/debian-lts-announce/2019/05/msg00042.html

lists.debian.org/debian-lts-announce/2019/08/msg00017.html

seclists.org/bugtraq/2019/Aug/18

security.netapp.com/advisory/ntap-20190517-0005/

usn.ubuntu.com/3979-1/

usn.ubuntu.com/3980-1/

usn.ubuntu.com/3980-2/

usn.ubuntu.com/3981-1/

usn.ubuntu.com/3981-2/

usn.ubuntu.com/3982-1/

usn.ubuntu.com/3982-2/

www.debian.org/security/2019/dsa-4497

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.2%

JSON

Related for NVD:CVE-2019-3882

redhatcve1 ibm3 prion1 cve1 f51 debiancve1 veracode1 cvelist1 ubuntucve1 openvas56 nessus48 fedora30 mageia3 cloudfoundry2 amazon2 ubuntu7 altlinux1 suse3 debian5 osv3 slackware1 photon3 redhat4 oraclelinux2 centos1