Vulnerability Details : CVE-2019-3882
A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
Vulnerability category: Denial of service
Products affected by CVE-2019-3882
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.14:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.18:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere:*:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*
- Netapp » Storage Replication Adapter For Clustered Data Ontap For Vmware VsphereVersions from including (>=) 7.2cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap_for_vmware_vsphere:*:*:*:*:*:*:*:*
Threat overview for CVE-2019-3882
Top countries where our scanners detected CVE-2019-3882
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2019-3882 1,517
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2019-3882!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2019-3882
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3882
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
|
4.7
|
MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.0
|
3.6
|
Red Hat, Inc. | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-3882
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)
References for CVE-2019-3882
-
https://usn.ubuntu.com/3982-2/
USN-3982-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3979-1/
USN-3979-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2019:3517 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
[security-announce] openSUSE-SU-2019:1407-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00037.html
[security-announce] openSUSE-SU-2019:1404-1: important: Security updateMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20190517-0005/
May 2019 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://usn.ubuntu.com/3981-2/
USN-3981-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3980-2/
USN-3980-2: Linux kernel (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
[security-announce] openSUSE-SU-2019:1479-1: important: Security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2019/dsa-4497
Debian -- Security Information -- DSA-4497-1 linuxThird Party Advisory
-
https://usn.ubuntu.com/3980-1/
USN-3980-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2029
RHSA-2019:2029 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3982-1/
USN-3982-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
[SECURITY] [DLA 1799-2] linux security updateMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3882
1689426 – (CVE-2019-3882) CVE-2019-3882 kernel: denial of service vector through vfio DMA mappingsIssue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3309 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://usn.ubuntu.com/3981-1/
USN-3981-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
[SECURITY] [DLA 1885-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:2043
RHSA-2019:2043 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
[SECURITY] [DLA 1799-1] linux security updateMailing List;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Aug/18
Bugtraq: [SECURITY] [DSA 4497-1] linux security updateMailing List;Third Party Advisory
Jump to