CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3610 – kernel: kvm: noncanonical MSR writes
https://notcve.org/view.php?id=CVE-2014-3610
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. La funcionalidad de procesamiento WRMSR en el subsistema KVM en el kernel de Linux hasta 3.17.2 no maneja debidamente la escritura de direcciones no canónicas en un registro especifico a modelos, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo anfitrión) mediante el aprovechamiento de los privilegios del sistema operativo invitado, relacionado con la función wrmsr_interception en arch/x86/kvm/svm.c y la función handle_wrmsr en arch/x86/kvm/vmx.c. It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-0869.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www.securityfocus.com/bid/70742 http://www.ubuntu.com/u • CWE-248: Uncaught Exception •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2014-3647 – kernel: kvm: noncanonical rip after emulation
https://notcve.org/view.php?id=CVE-2014-3647
arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux hasta 3.17.2 no realiza debidamente los cambios RIP, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada. A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http:/ • CWE-248: Uncaught Exception •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3646 – kernel: kvm: vmx: invvpid vm exit not handled
https://notcve.org/view.php?id=CVE-2014-3646
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux hasta 3.17.2 no tiene un manejador de salida para la instrucción INVVPID, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada. It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-0126.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www. • CWE-248: Uncaught Exception •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 3CVE-2014-8086 – Kernel: fs: ext4 race condition
https://notcve.org/view.php?id=CVE-2014-8086
Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Condición de carrera en la función ext4_file_write_iter en fs/ext4/file.c en el kernel de Linux hasta 3.17 permite a usuarios locales causar una denegación de servicio (no disponibilidad de ficheros) a través de una combinación de una acción de escritura y una operación F_SETFL fcntl para el indicador O_DIRECT. A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0694.html http://www.openwall.com/lists/oss-security/2014/10/09/25 http://www.securityfocus.com/bid/70376 http://www.spinics.net/lists/linux-ext4/msg45683.html http://www.spinics.net/lists/linux-ext4/msg45685.html https://bugzilla.redhat.com/show_bug.cgi?id=1151353 https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2014-3595 – Satellite: Spacewalk contains XSS in log file view
https://notcve.org/view.php?id=CVE-2014-3595
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. Vulnerabilidad de XSS en spacewalk-java 1.2.39, 1.7.54, y 2.0.2 en Spacewalk y Red Hat Network (RHN) Satellite 5.4 hasta 5.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una petición modificada que no es manejada adecuadamente cuando se accede. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed log files. By sending a specially crafted request to Satellite, a remote attacker could embed HTML content into the log file, allowing them to inject malicious content into the web page that is used to view that log file. • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00009.html http://rhn.redhat.com/errata/RHSA-2014-1184.html http://secunia.com/advisories/61115 http://secunia.com/advisories/62027 https://access.redhat.com/security/cve/CVE-2014-3595 https://bugzilla.redhat.com/show_bug.cgi?id=1129821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •