CVE-2014-3690 – kernel: kvm: vmx: invalid host cr4 handling across vm entries
https://notcve.org/view.php?id=CVE-2014-3690
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux anterior a 3.17.2 en los procesadores Intel no asegura que el valor en el registro de control CR4 queda igual después de una entrada VM, lo que permite a usuarios del sistema operativo anfitrión cancelar varios procesos o causar una denegación de servicio (interrupción del sistema) mediante el aprovechamiento del acceso a /dev/kvm, tal y como fue demostrado por llamadas a prctl PR_SET_TSC dentro de una copia modificada de QEMU. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-3687 – kernel: net: sctp: fix panic on duplicate ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3687
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. La función sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de trozos ASCONF duplicados que provocan una liberación incorrecta dentro del intérprete de efectos secundarios. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-3601 – kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
https://notcve.org/view.php?id=CVE-2014-3601
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.16.1 calcula erróneamente el número de las páginas durante el manejo de un fallo en las asignaciones, lo que permite a usuarios del sistema operativo invitado (1) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante la provocación de un valor gfn grande o (2) causar una denegación de servicio (corrupción de la memoria del sistema operativo anfitrión) mediante la provocación de un valor gfn pequeño que conduce a páginas fijadas (pinned) permanentemente. A flaw was found in the way the Linux kernel's kvm_iommu_map_pages() function handled IOMMU mapping failures. A privileged user in a guest with an assigned host device could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://secunia.com/advisories/60830 http://www.securityfocus.com/bid/69489 http://www.ubuntu.com/usn/USN-2356-1 http://www.ubuntu.com/usn/USN-2357 • CWE-189: Numeric Errors •
CVE-2014-5077 – Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
https://notcve.org/view.php?id=CVE-2014-5077
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. La función sctp_assoc_update en net/sctp/associola.c en el kernel de Linux hasta 3.15.8, cuando la autenticación SCTP está habilitada, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y OOPS) mediante el inicio del establecimiento de una asociación entre dos endpoints inmediatamente después de un intercambio de fragmentos INIT y INIT ACK para establecer una asociación anterior entre estos endpoints en la dirección opuesta. A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=1be9a950c646c9092fb3618197f7b6bfb50e82aa http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html http://rhn.redhat.com/errata/RHSA-2014-1083.html http://rhn.redhat.com/errata/RHSA-2014-1668.html http://rhn.redhat.com/errata/RHSA-2014-1763.html http://secunia.com/advisories/59777 http://secunia.com/advisories/60430 h • CWE-476: NULL Pointer Dereference •
CVE-2014-4608 – kernel: lzo1x_decompress_safe() integer overflow
https://notcve.org/view.php?id=CVE-2014-4608
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype. ** DISPUTADA ** Múltiples desbordamientos de enteros en la función lzo1x_decompress_safe en lib/lzo/lzo1x_decompress_safe.c en el descompresor LZO en el kernel de Linux anterior a 3.15.2 permiten a atacantes dependientes de contexto causar una denegación de servicio (corrupción de memoria) a través de un 'Literal Run' manipulado. NOTA: el autor de los algoritmos LZO algorithms dice que 'el kernel de Linux *no* está afectado; sensacionalismo periodístico.' An integer overflow flaw was found in the way the lzo1x_decompress_safe() function of the Linux kernel's LZO implementation processed Literal Runs. A local attacker could, in extremely rare cases, use this flaw to crash the system or, potentially, escalate their privileges on the system. • http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206a81c18401c0cde6e579164f752c4b147324ce http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0062.html http://secunia.com/advisori • CWE-190: Integer Overflow or Wraparound •