CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8481
https://notcve.org/view.php?id=CVE-2014-8481
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480. El decodificador de instrucciones en arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux anterior a 3.18-rc2 no maneja debidamente las instrucciones inválidas, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (referencia a puntero nulo y caída del sistema operativo anfitrión) a través de una aplicación manipulada que provoca (1) una instrucción traída indebidamente o (2) una instrucción que ocupa demasiados bytes. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-8480. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a430c9166312e1aa3d80bce32374233bdbfeba32 http://secunia.com/advisories/62042 http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427 http://www.openwall.com/lists/oss-security/2014/10/23/7 https://bugzilla.redhat.com/show_bug.cgi?id=1156615 https://github.com/torvalds/linux/commit/a430c9166312e1aa3d80bce32374233bdbfeba32 • CWE-399: Resource Management Errors •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8480
https://notcve.org/view.php?id=CVE-2014-8480
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. El decodificador de instrucciones en arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux anterior a 3.18-rc2 le falta indicadores de las tablas del decodificador para ciertas instrucciones relacionados con RIP, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (referencia a puntero nulo y caída del sistema operativo anfitrión) a través de una aplicación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427 http://www.openwall.com/lists/oss-security/2014/10/23/7 http://www.securityfocus.com/bid/70710 https://bugzilla.redhat.com/show_bug.cgi?id=1156615 https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-3690 – kernel: kvm: vmx: invalid host cr4 handling across vm entries
https://notcve.org/view.php?id=CVE-2014-3690
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux anterior a 3.17.2 en los procesadores Intel no asegura que el valor en el registro de control CR4 queda igual después de una entrada VM, lo que permite a usuarios del sistema operativo anfitrión cancelar varios procesos o causar una denegación de servicio (interrupción del sistema) mediante el aprovechamiento del acceso a /dev/kvm, tal y como fue demostrado por llamadas a prctl PR_SET_TSC dentro de una copia modificada de QEMU. It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 20%CPEs: 204EXPL: 1CVE-2014-3688 – kernel: net: sctp: remote memory pressure from excessive queueing
https://notcve.org/view.php?id=CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux anterior a 3.17.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la provocación de un gran número de trozos (chunks) en la cola de salidas de una asociación, tal y como fue demostrado por sondas ASCONF, relacionado con net/sctp/inqueue.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26b87c7881006311828bb0ab271a551a62dcceb4 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=142722450701342&w=2 http://marc.info/?l=bugtraq& • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2014-3610 – kernel: kvm: noncanonical MSR writes
https://notcve.org/view.php?id=CVE-2014-3610
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. La funcionalidad de procesamiento WRMSR en el subsistema KVM en el kernel de Linux hasta 3.17.2 no maneja debidamente la escritura de direcciones no canónicas en un registro especifico a modelos, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo anfitrión) mediante el aprovechamiento de los privilegios del sistema operativo invitado, relacionado con la función wrmsr_interception en arch/x86/kvm/svm.c y la función handle_wrmsr en arch/x86/kvm/vmx.c. It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-0869.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www.securityfocus.com/bid/70742 http://www.ubuntu.com/u • CWE-248: Uncaught Exception •