Privilege escalation in Linux kernel vhost functionality

Sep 22, 2019 10:00 am Cyber Security 411

This security advisory describes one medium risk vulnerability.


1) Buffer overflow


Severity: Medium


CVSSv3: 6.6 [CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2019-14835


CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer


Description

The vulnerability allows a remote attacker to escalate privileges on the system.


The vulnerability exists due to a boundary error within the vhost/vhost_net Linux kernel module during the live migration flow when processing dirty log entries. A privileged guest user can pass descriptors with invalid length to the host when migration is on the way, trigger buffer overflow and execute arbitrary code on the host OS.


Mitigation

Install updates from vendor's website.


Vulnerable software versions

Linux kernel: 2.6.34, 2.6.34.1, 2.6.34.2, 2.6.34.3, 2.6.34.4, 2.6.34.5, 2.6.34.6, 2.6.34.7, 2.6.34.8, 2.6.34.9, 2.6.34.10, 2.6.35, 2.6.35.1, 2.6.35.2, 2.6.35.3, 2.6.35.4, 2.6.35.5, 2.6.35.6, 2.6.35.7, 2.6.35.8, 2.6.35.9, 2.6.35.10, 2.6.35.11, 2.6.35.12, 2.6.35.13, 2.6.36, 2.6.36-rc1, 2.6.36-rc2, 2.6.36-rc3, 2.6.36.1, 2.6.36.2, 2.6.36.3, 2.6.36.4, 2.6.37, 2.6.37.1, 2.6.37.2, 2.6.37.3, 2.6.37.4, 2.6.37.5, 2.6.37.6, 2.6.38, 2.6.38.1, 2.6.38.2, 2.6.38.3, 2.6.38.4, 2.6.38.5, 2.6.38.6, 2.6.38.7, 2.6.38.8, 2.6.39, 2.6.39.1, 2.6.39.2, 2.6.39.3, 2.6.39.4, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.0.20, 3.0.21, 3.0.22, 3.0.23, 3.0.24, 3.0.25, 3.0.26, 3.0.27, 3.0.28, 3.0.29, 3.0.30, 3.0.31, 3.0.32, 3.0.33, 3.0.34, 3.0.35, 3.0.36, 3.0.37, 3.0.38, 3.0.39, 3.0.40, 3.0.41, 3.0.42, 3.0.43, 3.0.44, 3.0.45, 3.0.46, 3.0.47, 3.0.48, 3.0.49, 3.0.50, 3.0.51, 3.0.52, 3.0.53, 3.0.54, 3.0.55, 3.0.56, 3.0.57, 3.0.58, 3.0.59, 3.0.60, 3.0.61, 3.0.62, 3.0.63, 3.0.64, 3.0.65, 3.0.66, 3.0.67, 3.0.68, 3.0.69, 3.0.70, 3.0.71, 3.0.72, 3.0.73, 3.0.74, 3.0.75, 3.0.76, 3.0.77, 3.0.78, 3.0.79, 3.0.80, 3.0.81, 3.0.82, 3.0.83, 3.0.84, 3.0.85, 3.0.86, 3.0.87, 3.0.88, 3.0.89, 3.0.90, 3.0.91, 3.0.92, 3.0.93, 3.0.94, 3.0.95, 3.0.96, 3.0.97, 3.0.98, 3.0.99, 3.0.100, 3.0.101, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 3.2.14, 3.2.15, 3.2.16, 3.2.17, 3.2.18, 3.2.19, 3.2.20, 3.2.21, 3.2.22, 3.2.23, 3.2.24, 3.2.25, 3.2.26, 3.2.27, 3.2.28, 3.2.29, 3.2.30, 3.2.31, 3.2.32, 3.2.33, 3.2.34, 3.2.35, 3.2.36, 3.2.37, 3.2.38, 3.2.39, 3.2.40, 3.2.41, 3.2.42, 3.2.43, 3.2.44, 3.2.45, 3.2.46, 3.2.47, 3.2.48, 3.2.49, 3.2.50, 3.2.51, 3.2.52, 3.2.53, 3.2.54, 3.2.55, 3.2.56, 3.2.57, 3.2.58, 3.2.59, 3.2.60, 3.2.61, 3.2.62, 3.2.63, 3.2.64, 3.2.65, 3.2.66, 3.2.67, 3.2.68, 3.2.69, 3.2.70, 3.2.71, 3.2.72, 3.2.73, 3.2.74, 3.2.75, 3.2.76, 3.2.77, 3.2.78, 3.2.78-1, 3.2.79, 3.2.80, 3.2.81, 3.2.81-1, 3.2.82, 3.2.83, 3.2.84, 3.2.85, 3.2.86, 3.2.87, 3.2.88, 3.2.89, 3.2.89-2, 3.2.90, 3.2.91, 3.2.92, 3.2.93, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14, 3.4.15, 3.4.16, 3.4.17, 3.4.18, 3.4.19, 3.4.20, 3.4.21, 3.4.22, 3.4.23, 3.4.24, 3.4.25, 3.4.26, 3.4.27, 3.4.28, 3.4.29, 3.4.30, 3.4.31, 3.4.32, 3.4.33, 3.4.34, 3.4.35, 3.4.36, 3.4.37, 3.4.38, 3.4.39, 3.4.40, 3.4.41, 3.4.42, 3.4.43, 3.4.44, 3.4.45, 3.4.46, 3.4.47, 3.4.48, 3.4.49, 3.4.50, 3.4.51, 3.4.52, 3.4.53, 3.4.54, 3.4.55, 3.4.56, 3.4.57, 3.4.58, 3.4.59, 3.4.60, 3.4.61, 3.4.62, 3.4.63, 3.4.64, 3.4.65, 3.4.66, 3.4.67, 3.4.68, 3.4.69, 3.4.70, 3.4.71, 3.4.72, 3.4.73, 3.4.74, 3.4.75, 3.4.76, 3.4.77, 3.4.78, 3.4.79, 3.4.80, 3.4.81, 3.4.82, 3.4.83, 3.4.84, 3.4.85, 3.4.86, 3.4.87, 3.4.88, 3.4.89, 3.4.90, 3.4.91, 3.4.92, 3.4.93, 3.4.94, 3.4.95, 3.4.96, 3.4.97, 3.4.98, 3.4.99, 3.4.100, 3.4.101, 3.4.102, 3.4.103, 3.4.104, 3.4.105, 3.4.106, 3.4.107, 3.4.108, 3.4.109, 3.4.110, 3.4.111, 3.4.112, 3.4.113, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.7.10, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.8.10, 3.8.11, 3.8.12, 3.8.13, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.1.24, 4.1.25, 4.1.26, 4.1.27, 4.1.28, 4.1.29, 4.1.30, 4.1.31, 4.1.32, 4.1.33, 4.1.34, 4.1.35, 4.1.36, 4.1.37, 4.1.38, 4.1.39, 4.1.40, 4.1.41, 4.1.42, 4.1.43, 4.1.44, 4.1.45, 4.1.46, 4.1.47, 4.1.48, 4.1.49, 4.1.50, 4.1.51, 4.1.52, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.4.0, 4.4.0-57, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.4.17, 4.4.18, 4.4.19, 4.4.20, 4.4.21, 4.4.22, 4.4.23, 4.4.24, 4.4.25, 4.4.26, 4.4.27, 4.4.28, 4.4.29, 4.4.30, 4.4.31, 4.4.32, 4.4.33, 4.4.34, 4.4.35, 4.4.36, 4.4.37, 4.4.38, 4.4.39, 4.4.40, 4.4.41, 4.4.42, 4.4.43, 4.4.44, 4.4.45, 4.4.46, 4.4.47, 4.4.48, 4.4.49, 4.4.50, 4.4.51, 4.4.52, 4.4.53, 4.4.54, 4.4.55, 4.4.56, 4.4.57, 4.4.58, 4.4.59, 4.4.60, 4.4.61, 4.4.62, 4.4.63, 4.4.64, 4.4.65, 4.4.66, 4.4.67, 4.4.68, 4.4.69, 4.4.70, 4.4.71, 4.4.72, 4.4.73, 4.4.74, 4.4.75, 4.4.76, 4.4.77, 4.4.78, 4.4.79, 4.4.80, 4.4.81, 4.4.82, 4.4.83, 4.4.84, 4.4.85, 4.4.86, 4.4.87, 4.4.88, 4.4.89, 4.4.90, 4.4.91, 4.4.92, 4.4.93, 4.4.94, 4.4.95, 4.4.96, 4.4.97, 4.4.98, 4.4.99, 4.4.100, 4.4.101, 4.4.102, 4.4.103, 4.4.104, 4.4.105, 4.4.106, 4.4.107, 4.4.108, 4.4.109, 4.4.110, 4.4.111, 4.4.112, 4.4.113, 4.4.114, 4.4.115, 4.4.116, 4.4.117, 4.4.118, 4.4.119, 4.4.120, 4.4.121, 4.4.122, 4.4.123, 4.4.124, 4.4.125, 4.4.126, 4.4.127, 4.4.128, 4.4.129, 4.4.130, 4.4.131, 4.4.132, 4.4.133, 4.4.134, 4.4.135, 4.4.136, 4.4.137, 4.4.138, 4.4.139, 4.4.140, 4.4.141, 4.4.142, 4.4.143, 4.4.144, 4.4.145, 4.4.146, 4.4.147, 4.4.148, 4.4.149, 4.4.150, 4.4.151, 4.4.152, 4.4.153, 4.4.154, 4.4.155, 4.4.156, 4.4.157, 4.4.158, 4.4.159, 4.4.160, 4.4.161, 4.4.162, 4.4.163, 4.4.164, 4.4.165, 4.4.166, 4.4.167, 4.4.168, 4.4.169, 4.4.170, 4.4.171, 4.4.172, 4.4.173, 4.4.174, 4.4.175, 4.4.176, 4.4.177, 4.4.178, 4.4.179, 4.4.180, 4.4.181, 4.4.182, 4.4.183, 4.4.184, 4.4.185, 4.4.186, 4.4.187, 4.4.188, 4.4.189, 4.4.190, 4.4.191, 4.4.192, 4.4.193, 4.4.194, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.4-1 , 4.6.5, 4.6.6, 4.6.7, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.7.10, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 4.8.12, 4.8.13, 4.8.14, 4.8.15, 4.8.16, 4.8.17, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.9.19, 4.9.20, 4.9.21, 4.9.22, 4.9.23, 4.9.24, 4.9.25, 4.9.26, 4.9.27, 4.9.28, 4.9.29, 4.9.30, 4.9.31, 4.9.32, 4.9.33, 4.9.34, 4.9.35, 4.9.36, 4.9.37, 4.9.38, 4.9.39, 4.9.40, 4.9.41, 4.9.42, 4.9.43, 4.9.44, 4.9.45, 4.9.46, 4.9.47, 4.9.48, 4.9.49, 4.9.50, 4.9.51, 4.9.52, 4.9.53, 4.9.54, 4.9.55, 4.9.56, 4.9.57, 4.9.58, 4.9.59, 4.9.60, 4.9.61, 4.9.62, 4.9.63, 4.9.64, 4.9.65, 4.9.66, 4.9.67, 4.9.68, 4.9.69, 4.9.70, 4.9.71, 4.9.72, 4.9.73, 4.9.74, 4.9.75, 4.9.76, 4.9.77, 4.9.78, 4.9.79, 4.9.80, 4.9.81, 4.9.82, 4.9.83, 4.9.84, 4.9.85, 4.9.86, 4.9.87, 4.9.88, 4.9.89, 4.9.90, 4.9.91, 4.9.92, 4.9.93, 4.9.94, 4.9.95, 4.9.96, 4.9.97, 4.9.98, 4.9.99, 4.9.100, 4.9.101, 4.9.102, 4.9.103, 4.9.104, 4.9.105, 4.9.106, 4.9.107, 4.9.108, 4.9.109, 4.9.110, 4.9.111, 4.9.112, 4.9.113, 4.9.114, 4.9.115, 4.9.116, 4.9.117, 4.9.118, 4.9.119, 4.9.120, 4.9.121, 4.9.122, 4.9.123, 4.9.124, 4.9.125, 4.9.126, 4.9.127, 4.9.128, 4.9.129, 4.9.130, 4.9.131, 4.9.132, 4.9.133, 4.9.134, 4.9.135, 4.9.136, 4.9.137, 4.9.138, 4.9.139, 4.9.140, 4.9.141, 4.9.142, 4.9.143, 4.9.144, 4.9.145, 4.9.146, 4.9.147, 4.9.148, 4.9.149, 4.9.150, 4.9.151, 4.9.152, 4.9.153, 4.9.154, 4.9.155, 4.9.156, 4.9.157, 4.9.158, 4.9.159, 4.9.160, 4.9.161, 4.9.162, 4.9.163, 4.9.164, 4.9.165, 4.9.166, 4.9.167, 4.9.168, 4.9.169, 4.9.170, 4.9.171, 4.9.172, 4.9.173, 4.9.174, 4.9.175, 4.9.176, 4.9.177, 4.9.178, 4.9.179, 4.9.180, 4.9.181, 4.9.182, 4.9.183, 4.9.184, 4.9.185, 4.9.186, 4.9.187, 4.9.188, 4.9.189, 4.9.190, 4.9.191, 4.9.192, 4.9.193, 4.9.194, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.20, 5.0.21, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.2.15, 5.2.16, 5.2.17


CPE
External links

https://www.openwall.com/lists/oss-security/2019/09/17/1https://github.com/torvalds/linux/commit/060423bfdee3f8bc6e2c1bac97de24d5415e2bc4https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git/commit/?h=for_linus&id=060423 ..

Support the originator by clicking the read the rest link below.

privilege escalation linux kernel vhost functionality
Read The Rest from the original source
cybersecurity-help.cz

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!