7.8

CVE-2014-8369

Exploit

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

Data is provided by the National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.17.2
DebianDebian Linux Version7.0
OpensuseEvergreen Version11.4
SuseLinux Enterprise Real Time Extension Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.207
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.openwall.com/lists/oss-security/2014/10/24/7
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/70747
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/70749
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
Patch
Third Party Advisory
Issue Tracking
https://lkml.org/lkml/2014/10/24/460
Patch
Third Party Advisory
Exploit
Mailing List