5.5

CVE-2014-3610

Exploit
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.17.2
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEditionesm
DebianDebian Linux Version7.0
OpensuseEvergreen Version11.4
SuseSuse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.437
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-2417-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2418-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2394-1
Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
http://rhn.redhat.com/errata/RHSA-2015-0869.html
Third Party Advisory
http://www.debian.org/security/2014/dsa-3060
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/24/9
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/70742
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2491-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1144883
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
Patch
Third Party Advisory
Exploit