CVE-2019-19332

MEDIUM

Linux Kernel 3.13-5.4 - Out-of-bounds Write via KVM_GET_EMULATED_CPUID ioctl


Description

An out-of-bounds memory write issue was found in the Linux kernel, versions 3.13 through 5.4, in the way the kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request, which returns the CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.

References (14)

Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19332
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2019/12/16/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4254-2/
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200204-0002/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4258-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4287-2/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4284-1/

Scores

CVSS v3 6.1
EPSS 0.0002
EPSS Percentile 6.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-787
Status published
Products (3)
linux/linux_kernel 3.13 - 5.4
redhat/enterprise_linux 7.0
redhat/enterprise_linux 8.0
Published Jan 09, 2020
Tracked Since Feb 18, 2026