CVE-2019-7221

2019-03-2100:00:00

ubuntu.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.7%

JSON

The KVM implementation in the Linux kernel through 4.20.5 has a
Use-after-Free.

Bugs

<https://bugs.chromium.org/p/project-zero/issues/detail?id=1760>

Notes

Author	Note
tyhicks	Ubuntu kernels do not enable nested KVM virtualization by default and are unaffected by this flaw in the default configuration. However, installing QEMU results in nested KVM support to be enabled via the /etc/modprobe.d/qemu-system-x86.conf file. To ensure that nested virtualization is not enabled, verify that the /sys/module/kvm_intel/parameters/nested file contains “N”.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-47.50UNKNOWN
ubuntu18.10noarchlinux< 4.18.0-17.18UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-145.171UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1035.37UNKNOWN
ubuntu18.10noarchlinux-aws< 4.18.0-1012.14UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1040.43UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1079.89UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1035.37~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure< 4.18.0-1014.14~18.04.1UNKNOWN
ubuntu18.10noarchlinux-azure< 4.18.0-1014.14UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-47.50	UNKNOWN
ubuntu	18.10	noarch	linux	< 4.18.0-17.18	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-145.171	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1035.37	UNKNOWN
ubuntu	18.10	noarch	linux-aws	< 4.18.0-1012.14	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1040.43	UNKNOWN
ubuntu	16.04	noarch	linux-aws	< 4.4.0-1079.89	UNKNOWN
ubuntu	16.04	noarch	linux-aws-hwe	< 4.15.0-1035.37~16.04.1	UNKNOWN
ubuntu	18.04	noarch	linux-azure	< 4.18.0-1014.14~18.04.1	UNKNOWN
ubuntu	18.10	noarch	linux-azure	< 4.18.0-1014.14	UNKNOWN