It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way.
Find out more about CVE-2014-7842 from the MITRE CVE dictionary dictionary and NIST NVD.
This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.
| Base Score | 4 |
|---|---|
| Base Metrics | AV:L/AC:H/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2016:0855 | 2016-05-10 |
| Red Hat Enterprise Linux 7 (kernel) | RHSA-2015:2152 | 2015-11-19 |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Vulmon