A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.
Find out more about CVE-2014-3611 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the
respective Red Hat Enterprise Linux releases.
| Base Score | 5.5 |
|---|---|
| Base Metrics | AV:A/AC:L/Au:S/C:N/I:N/A:C |
| Access Vector | Adjacent Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2014:1843 | 2014-11-11 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2015:0126 | 2015-02-04 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2014:1724 | 2014-10-28 |
| Red Hat Enterprise Linux Virtualization 5 (kvm) | RHSA-2015:0869 | 2015-04-22 |
| Red Hat Enterprise Linux Extended Update Support 6.5 (kernel) | RHSA-2015:0284 | 2015-03-03 |
Vulmon