What is CVE-2019-14835?

CVE-2019-14835 is a high-severity vulnerability in Huawei Imanager_neteco, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.8/10. Published 2019-09-17.

How severe is CVE-2019-14835?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2019-14835 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Huawei Imanager_neteco

CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pa…

Vulnerability class: Buffer Overflow

EPSS: 0.006 (45.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Huawei Imanager_neteco — versions v600r009c00, v600r009c10spc200
Huawei Imanager_neteco_6000 — versions v600r008c10spc300, v600r008c20
Huawei Manageone — versions 6.5.0, 6.5.0.spc100.b210, 6.5.1rc1.b060
Linux Linux_kernel — versions 5.3
Linux Kernel — versions from version 2.6.34 to 5.2.x
Netapp Aff_a700s
Netapp Aff_a700s_firmware
Netapp Data_availability_services
Netapp H300e
Netapp H300e_firmware

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
secalert@redhat.com (Exploit, Patch, Mailing List, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_FEDORA, vendor-advisory, Mailing List)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2019-14835?: CVE-2019-14835 is a high-severity vulnerability in Huawei Imanager_neteco, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). CVSS score: 7.8/10. Published 2019-09-17.
How severe is CVE-2019-14835?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2019-14835 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.