Veracode Vulnerability DatabaseVERACODE:19162Denial Of Service (DoS)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
Linux kernel is vulnerable to denial of service vulnerability. The vulnerability exists in Linux kernel built with KVM virtualisation(CONFIG_KVM) support with Virtual Function I/O feature (CONFIG_VFIO) enabled. A malicious guest device could send a virtual interrupt (guest IRQ) with a larger (>1024) index value resulting in a system failure.
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=36ae3c0a36b7456432fedce38ae2f7bd3e01a563
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb
www.debian.org/security/2017/dsa-3981
www.openwall.com/lists/oss-security/2017/09/15/4
www.securityfocus.com/bid/101022
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.5_Release_Notes/index.html
access.redhat.com/errata/RHSA-2018:0676
access.redhat.com/errata/RHSA-2018:1062
access.redhat.com/errata/RHSA-2018:1130
access.redhat.com/security/cve/CVE-2017-13305
access.redhat.com/security/cve/CVE-2017-15274
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1292927
bugzilla.redhat.com/show_bug.cgi?id=1401061
bugzilla.redhat.com/show_bug.cgi?id=1430418
bugzilla.redhat.com/show_bug.cgi?id=1448770
bugzilla.redhat.com/show_bug.cgi?id=1452589
bugzilla.redhat.com/show_bug.cgi?id=1462329
bugzilla.redhat.com/show_bug.cgi?id=1490781
bugzilla.redhat.com/show_bug.cgi?id=1500894
bugzilla.redhat.com/show_bug.cgi?id=1503749
bugzilla.redhat.com/show_bug.cgi?id=1506255
bugzilla.redhat.com/show_bug.cgi?id=1507270
bugzilla.redhat.com/show_bug.cgi?id=1509264
bugzilla.redhat.com/show_bug.cgi?id=1518274
bugzilla.redhat.com/show_bug.cgi?id=1518638
github.com/torvalds/linux/commit/36ae3c0a36b7456432fedce38ae2f7bd3e01a563
github.com/torvalds/linux/commit/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb
marc.info/?l=kvm&m=150549145711115&w=2
marc.info/?l=kvm&m=150549146311117&w=2
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P