Published: 14/04/2014 Updated: 07/11/2023

CVSS v2 Base Score: 5.5 | Impact Score: 6.9 | Exploitability Score: 5.1

VMScore: 490

Vector: AV:A/AC:L/Au:S/C:N/I:N/A:C

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel up to and including 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Debian Bug report logs - #747166 CVE-2014-0196: pty layer race condition memory corruption Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Henri Salo <henri@nervfi> Date: Tue, 6 May 2014 07:00:01 UTC Severity: grave Tags: security Found in versions 3241-2 ...

Debian Bug report logs - #747326 CVE-2014-3122: try_to_unmap_cluster() should lock_page() before mlocking Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: Henri Salo <henri@nervfi> Date: Wed, 7 May 2014 14:48:02 UTC Severity: important Tags: fixed-upstream, p ...

Several security issues were fixed in the kernel ...

CWE-20 http://www.openwall.com/lists/oss-security/2014/04/07/2 http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60 https://bugzilla.redhat.com/show_bug.cgi?id=1081589 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747166 https://usn.ubuntu.com/2337-1/

CVE-2014-0155

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect