cve/CVE-2019-14835.md at 3877a24e5dfa1e5207c3ff2cc1b39969dba74f43

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-05 18:27:17 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

POC

Reference

http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html
http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
http://www.openwall.com/lists/oss-security/2019/09/24/1

Github

https://github.com/alphaSeclab/sec-daily-2019
https://github.com/kaosagnt/ansible-everyday

1.2 KiB Raw Blame History

CVE-2019-14835

Description

POC

Reference

Github

1.2 KiB

Raw Blame History