CVE-2019-14821

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-14821

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14821.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-14821

Downstream

DEBIAN-CVE-2019-14821

DLA-1930-1

DLA-1940-1

DSA-4531-1

RHSA-2019:3309

RHSA-2019:3517

RHSA-2019:3978

RHSA-2019:3979

RHSA-2019:4154

RHSA-2019:4256

RHSA-2020:0027

RHSA-2020:0204

RHSA-2020:2851

SUSE-SU-2019:14218-1

SUSE-SU-2019:2648-1

SUSE-SU-2019:2651-1

SUSE-SU-2019:2658-1

SUSE-SU-2019:2706-1

SUSE-SU-2019:2710-1

SUSE-SU-2019:2756-1

SUSE-SU-2019:2879-1

SUSE-SU-2019:2949-1

SUSE-SU-2019:2950-1

SUSE-SU-2019:2984-1

SUSE-SU-2019:3200-1

SUSE-SU-2019:3295-1

SUSE-SU-2020:0093-1

UBUNTU-CVE-2019-14821

USN-4157-2

USN-4162-1

USN-4162-2

USN-4163-1

USN-4163-2

openSUSE-SU-2019:2307-1

openSUSE-SU-2019:2308-1

Related

Published

2019-09-19T18:15:10Z

Modified

2025-08-09T19:01:26Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvmcoalescedmmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.

References

Affected packages