Page 554 of 2909 results (0.022 seconds)

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2014-3647 – kernel: kvm: noncanonical rip after emulation

https://notcve.org/view.php?id=CVE-2014-3647

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/emulate.c en el subsistema KVM en el kernel de Linux hasta 3.17.2 no realiza debidamente los cambios RIP, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada. A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=234f3ce485d54017f15cf5e0699cff4100121601 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d1442d85cc30ea75f7d399474ca738e0bc96f715 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http:/ • CWE-248: Uncaught Exception •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2014-3611 – kernel: kvm: PIT timer race condition

https://notcve.org/view.php?id=CVE-2014-3611

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. Condición de carrera en la función __kvm_migrate_pit_timer en arch/x86/kvm/i8254.c en el subsistema KVM en el kernel de Linux hasta 3.17.2 permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo anfitrión) mediante el aprovechamiento de la emulación PIT incorrecta. A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=2febc839133280d5a5e8e1179c94ea674489dae2 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://rhn.redhat.com/errata/RHSA-2015-0869.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www.ubuntu.com/usn/USN-2394-1 http://www.ubuntu.com/usn/USN-2417-1 http://www.ubun • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.7EPSS: 0%CPEs: 272EXPL: 0

CVE-2014-3645 – kernel: kvm: vmx: invept vm exit not handled

https://notcve.org/view.php?id=CVE-2014-3645

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux anterior a 3.12 no tiene un manejador de salida para la instrucción INVEPT, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada. It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bfd0a56b90005f8c8a004baf407ad90045c2b11e http://rhn.redhat.com/errata/RHSA-2015-0126.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www.ubuntu.com/usn/USN-2417-1 http://www.ubuntu.com/usn/USN-2418-1 https://bugzilla.redhat.com/show_bug.cgi?id=1144835 https://github • CWE-20: Improper Input Validation CWE-248: Uncaught Exception •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2014-3646 – kernel: kvm: vmx: invvpid vm exit not handled

https://notcve.org/view.php?id=CVE-2014-3646

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/vmx.c en el subsistema KVM en el kernel de Linux hasta 3.17.2 no tiene un manejador de salida para la instrucción INVVPID, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio (caída del sistema operativo invitado) a través de una aplicación manipulada. It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-0126.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://www.debian.org/security/2014/dsa-3060 http://www.openwall.com/lists/oss-security/2014/10/24/9 http://www. • CWE-248: Uncaught Exception •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 3

CVE-2014-8086 – Kernel: fs: ext4 race condition

https://notcve.org/view.php?id=CVE-2014-8086

Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag. Condición de carrera en la función ext4_file_write_iter en fs/ext4/file.c en el kernel de Linux hasta 3.17 permite a usuarios locales causar una denegación de servicio (no disponibilidad de ficheros) a través de una combinación de una acción de escritura y una operación F_SETFL fcntl para el indicador O_DIRECT. A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html http://rhn.redhat.com/errata/RHSA-2015-0290.html http://rhn.redhat.com/errata/RHSA-2015-0694.html http://www.openwall.com/lists/oss-security/2014/10/09/25 http://www.securityfocus.com/bid/70376 http://www.spinics.net/lists/linux-ext4/msg45683.html http://www.spinics.net/lists/linux-ext4/msg45685.html https://bugzilla.redhat.com/show_bug.cgi?id=1151353 https://exchange.xforce.ibmcloud.com/vulnerabi • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •