{"id":"CVE-2019-14835","details":"A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.","modified":"2026-03-15T22:27:54.768958Z","published":"2019-09-17T16:15:10.980Z","related":["MGASA-2019-0287","MGASA-2019-0288","MGASA-2019-0333","SUSE-SU-2019:14218-1","SUSE-SU-2019:2412-1","SUSE-SU-2019:2414-1","SUSE-SU-2019:2424-1","SUSE-SU-2019:2572-1","SUSE-SU-2019:2600-1","SUSE-SU-2019:2601-1","SUSE-SU-2019:2613-1","SUSE-SU-2019:2648-1","SUSE-SU-2019:2651-1","SUSE-SU-2019:2658-1","SUSE-SU-2019:2738-1","SUSE-SU-2019:2756-1","SUSE-SU-2019:2821-1","SUSE-SU-2019:2864-1","SUSE-SU-2019:2949-1","SUSE-SU-2019:2950-1","SUSE-SU-2019:2984-1","SUSE-SU-2019:3200-1","SUSE-SU-2020:0093-1","SUSE-SU-2020:0183-1","openSUSE-SU-2019:2173-1","openSUSE-SU-2019:2181-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2827"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2854"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2862"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2864"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20191031-0005/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"},{"type":"ADVISORY","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2828"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2863"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2924"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4135-2/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2899"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/10/09/7"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2830"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2867"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2889"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2900"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4531"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2019:2824"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2865"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2866"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2901"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2869"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4135-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2829"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/154572/Kernel-Live-Patch-Security-Notice-LSN-0056-1.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/10/09/3"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/10/03/1"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2019/Nov/11"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2019/Sep/41"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14835"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2019/09/17/1"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQFY6JYFIQ2VFQ7QCSXPWTUL5ZDNCJL5/"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2019/09/24/1"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YW3QNMPENPFEGVTOFPSNOBL7JEIJS25P/"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14835.json","unresolved_ranges":[{"events":[{"introduced":"2.6.34"},{"fixed":"3.16.74"}]},{"events":[{"introduced":"4.4"},{"fixed":"4.4.193"}]},{"events":[{"introduced":"4.9"},{"fixed":"4.9.193"}]},{"events":[{"introduced":"4.14"},{"fixed":"4.14.144"}]},{"events":[{"introduced":"4.19"},{"fixed":"4.19.73"}]},{"events":[{"introduced":"5.2"},{"fixed":"5.2.15"}]},{"events":[{"introduced":"0"},{"last_affected":"5.3"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"3.11"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7"}]},{"events":[{"introduced":"0"},{"last_affected":"8"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5"}]},{"events":[{"introduced":"0"},{"last_affected":"6.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"7.2"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.7"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"v600r009c00"}]},{"events":[{"introduced":"0"},{"last_affected":"v600r009c10spc200"}]},{"events":[{"introduced":"0"},{"last_affected":"v600r008c10spc300"}]},{"events":[{"introduced":"0"},{"last_affected":"v600r008c20"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.0.spc100.b210"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.1rc1.b060"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.1rc1.b080"}]},{"events":[{"introduced":"0"},{"last_affected":"6.5.rc2.b050"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}