An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user/process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in DoS, or potentially escalate privileges on the system.

Upstream patch:
---------------
  -> https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=b60fe990c6b07ef6d4df67bc0530c7c90a62623a

Reference:
----------
  -> https://www.openwall.com/lists/oss-security/2019/09/20/1
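The defensive pattern for this class of bug, as an added user-space example (not the kernel's code and not part of this bug report): a producer that treats ring indices held in shared memory as untrusted, snapshots them once, and range-checks the snapshot before using it as an array index. The names 'struct ring', 'RING_MAX' and 'ring_write_checked' are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define RING_MAX 8u   /* hypothetical capacity (power of two), stands in for the real limit */

struct entry { uint64_t addr; uint32_t len; uint8_t data[8]; };

struct ring {                    /* memory also writable by an untrusted process */
    volatile uint32_t first;     /* consumer index */
    volatile uint32_t last;      /* producer index */
    struct entry slots[RING_MAX];
};

/* Returns 0 on success, -1 if an input or shared index is invalid,
 * -2 if the ring has no free slot. */
int ring_write_checked(struct ring *r, uint64_t addr, const void *buf, uint32_t len)
{
    /* Snapshot each shared index exactly once. Checking r->last and then
     * re-reading it for the store would let the other side change it in between. */
    uint32_t insert = r->last;
    uint32_t first = r->first;

    /* An unchecked writer would index slots[r->last] directly; reject any
     * index that does not name a slot inside the array. */
    if (insert >= RING_MAX)
        return -1;
    if (len > sizeof r->slots[0].data)
        return -1;

    /* One slot is kept empty to tell "full" from "empty". The modulo keeps
     * the result bounded even if 'first' holds an arbitrary value. */
    if ((first - insert - 1u) % RING_MAX == 0)
        return -2;

    r->slots[insert].addr = addr;
    r->slots[insert].len = len;
    memcpy(r->slots[insert].data, buf, len);

    /* Publish the new producer index from the validated snapshot only. */
    r->last = (insert + 1u) % RING_MAX;
    return 0;
}
```
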
Acknowledgments: Name: Matt Delco (Google.com)
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1753596]
Mitigation: Restrict access to the '/dev/kvm' device to trusted users.
Statement: This issue requires unprivileged users to have access to the '/dev/kvm' device. So restricting access to the '/dev/kvm' device to known trusted users could limit its exploitation by untrusted users/processes.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3309 https://access.redhat.com/errata/RHSA-2019:3309
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3517 https://access.redhat.com/errata/RHSA-2019:3517
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14821
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3979 https://access.redhat.com/errata/RHSA-2019:3979
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:3978 https://access.redhat.com/errata/RHSA-2019:3978
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:4154 https://access.redhat.com/errata/RHSA-2019:4154
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2019:4256 https://access.redhat.com/errata/RHSA-2019:4256
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0027 https://access.redhat.com/errata/RHSA-2020:0027
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:2851 https://access.redhat.com/errata/RHSA-2020:2851