Sign-up

ID

VAR-201911-0634


CVE

CVE-2019-18844


TITLE

ACRN Reachable vulnerability in reachable

Trust: 0.8

sources: JVNDB: JVNDB-2019-012159

DESCRIPTION

The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1. ACRN Contains a vulnerability with reachable assertions.Service operation interruption (DoS) There is a possibility of being put into a state. ACRN is an open source virtual machine monitor for the Internet of Things. There are security vulnerabilities in the previous version of ACRN 2019w25.5-140000p. An attacker can use this vulnerability to cause a denial of service

Trust: 2.7

sources: NVD: CVE-2019-18844 // JVNDB: JVNDB-2019-012159 // CNVD: CNVD-2020-22865 // CNNVD: CNNVD-201911-754

IOT TAXONOMY

category:['IoT', 'Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22865

AFFECTED PRODUCTS

vendor:linuxmodel:acrnscope:ltversion:2019w25.5-140000p

Trust: 1.0

vendor:acrnmodel:project acrn embedded hypervisorscope:ltversion:2019w25.5-140000p

Trust: 0.8

vendor:linuxmodel:acrn <2019w25.5-140000pscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-22865 // JVNDB: JVNDB-2019-012159 // NVD: CVE-2019-18844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18844
value: HIGH

Trust: 1.0

NVD: CVE-2019-18844
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22865
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201911-754
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-18844
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22865
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18844
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-18844
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-22865 // JVNDB: JVNDB-2019-012159 // CNNVD: CNNVD-201911-754 // NVD: CVE-2019-18844

PROBLEMTYPE DATA

problemtype:CWE-617

Trust: 1.8

sources: JVNDB: JVNDB-2019-012159 // NVD: CVE-2019-18844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-754

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-754

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-012159

PATCH
title:dm: pci: clean up assert() in pci core (projectacrn)url:https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa
Trust: 0.8
title:dm: validate the input in 'pci_emul_mem_handler()'url:https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535
Trust: 0.8
title:Comparing changesurl:https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p
Trust: 0.8
title:Assert usages issue in device model from KW work. #3252url:https://github.com/projectacrn/acrn-hypervisor/issues/3252
Trust: 0.8
title:dm: pci: clean up assert() in pci core (shuox)url:https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc
Trust: 0.8
title:Patch for ACRN Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/213823
Trust: 0.6
title:ACRN Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103334
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22865 // 
            
            
            
            JVNDB: JVNDB-2019-012159 // 
            
            
            
            CNNVD: CNNVD-201911-754

EXTERNAL IDS
db:NVDid:CVE-2019-18844
Trust: 3.0
db:JVNDBid:JVNDB-2019-012159
Trust: 0.8
db:CNVDid:CNVD-2020-22865
Trust: 0.6
db:CNNVDid:CNNVD-201911-754
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-22865 // 
            
            
            
            JVNDB: JVNDB-2019-012159 // 
            
            
            
            CNNVD: CNNVD-201911-754 // 
            
            
            
            NVD: CVE-2019-18844

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2019-18844
Trust: 2.0
url:https://github.com/projectacrn/acrn-hypervisor/compare/acrn-2019w25.4-140000p...acrn-2019w25.5-140000p
Trust: 1.6
url:https://github.com/shuox/acrn-hypervisor/commit/97b153237c256c586e528eac7fc2f51aedb2b2fc
Trust: 1.6
url:https://github.com/projectacrn/acrn-hypervisor/commit/2b3dedfb9ba13f15887f22b935d373f36c9a59fa
Trust: 1.6
url:https://github.com/projectacrn/acrn-hypervisor/issues/3252
Trust: 1.6
url:https://github.com/projectacrn/acrn-hypervisor/commit/6199e653418eda58cd698d8769820904453e2535
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18844
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-22865 // 
            
            
            
            JVNDB: JVNDB-2019-012159 // 
            
            
            
            CNNVD: CNNVD-201911-754 // 
            
            
            
            NVD: CVE-2019-18844

SOURCES
db:CNVDid:CNVD-2020-22865
db:JVNDBid:JVNDB-2019-012159
db:CNNVDid:CNNVD-201911-754
db:NVDid:CVE-2019-18844

LAST UPDATE DATE
2024-11-23T22:51:37.227000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-22865date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2019-012159date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-754date:2020-11-12T00:00:00
db:NVDid:CVE-2019-18844date:2024-11-21T04:33:41.810

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-22865date:2020-04-14T00:00:00
db:JVNDBid:JVNDB-2019-012159date:2019-11-26T00:00:00
db:CNNVDid:CNNVD-201911-754date:2019-11-13T00:00:00
db:NVDid:CVE-2019-18844date:2019-11-13T20:15:11.020