Oval Definition:	oval:com.ubuntu.bionic:def:2019148350000000
Revision Date: 2019-09-17 Version: 1 Title: CVE-2019-14835 on Ubuntu 18.04 LTS (bionic) - high. Description: A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. Peter Pi discovered a buffer overflow in the virtio network backend (vhost_net) implementation in the Linux kernel. An attacker in a guest may be able to use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Family: unix Class: vulnerability Status: Reference(s): CVE-2019-14835 Platform(s): Ubuntu 18.04 LTS Product(s): Definition Synopsis Ubuntu 18.04 LTS (bionic) is installed. AND Package Information linux package in bionic was vulnerable but has been fixed (note: '4.15.0-64.73'). OR linux-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1050.52'). OR linux-aws-5.0 package in bionic, is related to the CVE in some way and has been fixed (note: '5.0.0-1021.24~18.04.1'). OR linux-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1020.21~18.04.1'). OR linux-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1'). OR linux-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.70'). OR linux-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1'). OR linux-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.46'). OR linux-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1017.17~18.04.1'). OR linux-hwe package in bionic was vulnerable but has been fixed (note: '5.0.0-29.31~18.04.1'). OR linux-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1046.46'). OR linux-meta package in bionic was vulnerable but has been fixed (note: '4.15.0-64.73'). OR linux-meta-aws package in bionic was vulnerable but has been fixed (note: '4.15.0-1050.52'). OR linux-meta-aws-5.0 package in bionic, is related to the CVE in some way and has been fixed (note: '5.0.0-1021.24~18.04.1'). OR linux-meta-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1020.21~18.04.1'). OR linux-meta-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1'). OR linux-meta-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.70'). OR linux-meta-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1'). OR linux-meta-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.46'). OR linux-meta-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1017.17~18.04.1'). OR linux-meta-hwe package in bionic was vulnerable but has been fixed (note: '5.0.0-29.31~18.04.1'). OR linux-meta-kvm package in bionic was vulnerable but has been fixed (note: '4.15.0-1046.46'). OR linux-meta-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1056.65'). OR linux-meta-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1022.24'). OR linux-meta-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1025.28'). OR linux-meta-oracle-5.0 package in bionic, is related to the CVE in some way and has been fixed (note: '5.0.0-1007.12~18.04.1'). OR linux-meta-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1047.51'). OR linux-meta-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1'). OR linux-meta-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1064.71'). OR linux-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1056.65'). OR linux-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1022.24'). OR linux-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1025.28'). OR linux-oracle-5.0 package in bionic, is related to the CVE in some way and has been fixed (note: '5.0.0-1007.12~18.04.1'). OR linux-raspi2 package in bionic was vulnerable but has been fixed (note: '4.15.0-1047.51'). OR linux-raspi2-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1017.19~18.04.1'). OR linux-signed package in bionic was vulnerable but has been fixed (note: '4.15.0-64.73'). OR linux-signed-azure package in bionic was vulnerable but has been fixed (note: '5.0.0-1020.21~18.04.1'). OR linux-signed-azure-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1007.8~18.04.1'). OR linux-signed-gcp package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.70'). OR linux-signed-gcp-5.3 package in bionic, is related to the CVE in some way and has been fixed (note: '5.3.0-1008.9~18.04.1'). OR linux-signed-gke-4.15 package in bionic was vulnerable but has been fixed (note: '4.15.0-1044.46'). OR linux-signed-gke-5.0 package in bionic was vulnerable but has been fixed (note: '5.0.0-1017.17~18.04.1'). OR linux-signed-hwe package in bionic was vulnerable but has been fixed (note: '5.0.0-29.31~18.04.1'). OR linux-signed-oem package in bionic was vulnerable but has been fixed (note: '4.15.0-1056.65'). OR linux-signed-oem-osp1 package in bionic was vulnerable but has been fixed (note: '5.0.0-1022.24'). OR linux-signed-oracle package in bionic was vulnerable but has been fixed (note: '4.15.0-1025.28'). OR linux-signed-oracle-5.0 package in bionic, is related to the CVE in some way and has been fixed (note: '5.0.0-1007.12~18.04.1'). OR linux-snapdragon package in bionic was vulnerable but has been fixed (note: '4.15.0-1064.71').
BACK