The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel up to and including 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
linux linux kernel |
Utopic Unicorn gets another gallop to leap security rainbow
Ubuntu has changed its mind on an end-of-life announcement, giving Version 14.10 one last kernel patch to cover off some big vulns. Usually, end-of-life means what it says: a version isn't going to get any more updates, and that was the status of Ubuntu 14.10 “Utopic Unicorn” (guys, it's time to rethink your naming conventions) after July 23. However, the outfit has decided it needs one last patch due to the severity of the bugs discussed here. The bugs are CVE-2015-4692, a KVM NULL-pointer ...