CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2CVE-2014-8480
https://notcve.org/view.php?id=CVE-2014-8480
The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 lacks intended decoder-table flags for certain RIP-relative instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application. El decodificador de instrucciones en arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux anterior a 3.18-rc2 le falta indicadores de las tablas del decodificador para ciertas instrucciones relacionados con RIP, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (referencia a puntero nulo y caída del sistema operativo anfitrión) a través de una aplicación manipulada. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427 http://www.openwall.com/lists/oss-security/2014/10/23/7 http://www.securityfocus.com/bid/70710 https://bugzilla.redhat.com/show_bug.cgi?id=1156615 https://github.com/torvalds/linux/commit/3f6f1480d86bf9fc16c160d803ab1d006e3058d5 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 2CVE-2014-8369 – kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path
https://notcve.org/view.php?id=CVE-2014-8369
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.17.2 calcula mal el número de páginas durante el manejo de fallo en el mapeo, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio ( liberación de página del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de los privilegios del sistema operativo invitado. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2014-3601. It was found that the fix for CVE-2014-3601 was incomplete: the Linux kernel's kvm_iommu_map_pages() function still handled IOMMU mapping failures incorrectly. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0674.html http://secunia.com/advisories/62326 http://secunia.com/advisories/62336 http://www.debian.org/security/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 3%CPEs: 20EXPL: 1CVE-2014-3687 – kernel: net: sctp: fix panic on duplicate ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3687
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. La función sctp_assoc_lookup_asconf_ack en net/sctp/associola.c en la implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (kernel panic) a través de trozos ASCONF duplicados que provocan una liberación incorrecta dentro del intérprete de efectos secundarios. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b69040d8e39f20d5215a03502a8e8b4c6ab78395 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 90%CPEs: 21EXPL: 2CVE-2014-3673 – kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks
https://notcve.org/view.php?id=CVE-2014-3673
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux hasta 3.17.2 permite a atacantes remotos causar una denegación de servicio (caída del sistema) a través de un chunk ASCONF malformado, relacionado con net/sctp/sm_make_chunk.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 http://linux.oracle.com/errata/ELSA-2014-3087.html http://linux.oracle.com/errata/ELSA-2014-3088.html http://linux.oracle.com/errata/ELSA-2014-3089.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 20%CPEs: 204EXPL: 1CVE-2014-3688 – kernel: net: sctp: remote memory pressure from excessive queueing
https://notcve.org/view.php?id=CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. La implementación SCTP en el kernel de Linux anterior a 3.17.4 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) mediante la provocación de un gran número de trozos (chunks) en la cola de salidas de una asociación, tal y como fue demostrado por sondas ASCONF, relacionado con net/sctp/inqueue.c y net/sctp/sm_statefuns.c. A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26b87c7881006311828bb0ab271a551a62dcceb4 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://marc.info/?l=bugtraq&m=142722450701342&w=2 http://marc.info/?l=bugtraq& • CWE-399: Resource Management Errors •