// For flags

CVE-2014-8369

kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

La función kvm_iommu_map_pages en virt/kvm/iommu.c en el kernel de Linux hasta 3.17.2 calcula mal el número de páginas durante el manejo de fallo en el mapeo, lo que permite a usuarios del sistema operativo invitado causar una denegación de servicio ( liberación de página del sistema operativo anfitrión) o posiblemente tener otro impacto no especificado mediante el aprovechamiento de los privilegios del sistema operativo invitado. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2014-3601.

It was found that the fix for CVE-2014-3601 was incomplete: the Linux kernel's kvm_iommu_map_pages() function still handled IOMMU mapping failures incorrectly. A privileged user in a guest with an assigned host device could use this flaw to crash the host.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Adjacent
Attack Complexity
High
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-21 CVE Reserved
  • 2014-11-10 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-11-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
<= 3.17.2
Search vendor "Linux" for product "Linux Kernel" and version " <= 3.17.2"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Evergreen
Search vendor "Opensuse" for product "Evergreen"
11.4
Search vendor "Opensuse" for product "Evergreen" and version "11.4"
-
Affected
Suse
Search vendor "Suse"
Linux Enterprise Real Time Extension
Search vendor "Suse" for product "Linux Enterprise Real Time Extension"
11
Search vendor "Suse" for product "Linux Enterprise Real Time Extension" and version "11"
sp3
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Server
Search vendor "Suse" for product "Suse Linux Enterprise Server"
11
Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "11"
sp2, ltss
Affected