Published: 10/11/2014 Updated: 13/02/2023

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel up to and including 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
redhat enterprise linux 6.0
redhat enterprise linux 5.0
canonical ubuntu linux 12.04
debian debian linux 7.0
opensuse evergreen 11.4
suse suse linux enterprise server 11
oracle linux 7

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red H ...

Debian Bug report logs - #774155 linux: CVE-2014-9428: Remote crash of kernel via batman-adv module Package: linux; Maintainer for linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: conchur@webde Date: Mon, 29 Dec 2014 16:48:01 UTC Severity: important Tags: patch, security, upstream Found in versi ...

Several security issues were fixed in the kernel ...

A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls) A guest user with access to an I/O or MMIO region could use this flaw to crash the guest ...

NVD-CWE-noinfo http://www.openwall.com/lists/oss-security/2014/10/24/9 https://github.com/torvalds/linux/commit/d1442d85cc30ea75f7d399474ca738e0bc96f715 https://bugzilla.redhat.com/show_bug.cgi?id=1144897 https://github.com/torvalds/linux/commit/234f3ce485d54017f15cf5e0699cff4100121601 http://www.ubuntu.com/usn/USN-2394-1 http://www.ubuntu.com/usn/USN-2418-1 http://www.ubuntu.com/usn/USN-2417-1 http://www.debian.org/security/2014/dsa-3060 http://www.securityfocus.com/bid/70748 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601 https://access.redhat.com/errata/RHSA-2015:2152 https://nvd.nist.gov https://usn.ubuntu.com/2395-1/

CVE-2014-3647

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect