Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-7222
HistoryMar 21, 2019 - 12:00 a.m.

CVE-2019-7222

2019-03-2100:00:00
ubuntu.com
ubuntu.com
18

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.1%

The KVM implementation in the Linux kernel through 4.20.5 has an
Information Leak.

Bugs

Notes

Author Note
tyhicks Ubuntu kernels do not enable nested KVM virtualization by default and are unaffected by this flaw in the default configuration. However, installing QEMU results in nested KVM support to be enabled via the /etc/modprobe.d/qemu-system-x86.conf file. To ensure that nested virtualization is not enabled, verify that the /sys/module/kvm_intel/parameters/nested file contains “N”.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux-aws< 4.15.0-1035.37UNKNOWN
ubuntu18.10noarchlinux-aws< 4.18.0-1012.14UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1040.43UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1079.89UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1035.37~16.04.1UNKNOWN
ubuntu18.04noarchlinux-azure< 4.18.0-1014.14~18.04.1UNKNOWN
ubuntu18.10noarchlinux-azure< 4.18.0-1014.14UNKNOWN
ubuntu14.04noarchlinux-azure< 4.15.0-1041.45~14.04.1UNKNOWN
ubuntu16.04noarchlinux-azure< 4.15.0-1041.45UNKNOWN
ubuntu18.04noarchlinux< 4.15.0-47.50UNKNOWN
Rows per page:
1-10 of 361

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

24.1%

Related for UB:CVE-2019-7222