7.8

CVE-2014-8369

Exploit
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 3.17.2
DebianDebian Linux Version7.0
OpensuseEvergreen Version11.4
SuseLinux Enterprise Real Time Extension Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.424
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
Third Party Advisory
Mailing List
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
http://rhn.redhat.com/errata/RHSA-2015-0674.html
Third Party Advisory
http://secunia.com/advisories/62326
Broken Link
http://secunia.com/advisories/62336
Broken Link
http://www.debian.org/security/2014/dsa-3093
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/24/7
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/70747
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/70749
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
Patch
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
Patch
Third Party Advisory
Exploit
https://lkml.org/lkml/2014/10/24/460
Patch
Third Party Advisory
Exploit
Mailing List