PT-2013-6341 · Linux · Linux Kernel

Published: 1970-01-01 · Updated: 2023-02-13 · CVE-2014-0155

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 3.14.1
SUSE Linux Enterprise kernel-pae-devel (affected versions not specified)
SUSE Linux Enterprise kernel-xen-devel (affected versions not specified)
SUSE Linux Enterprise gfs2-kmp-xen (affected versions not specified)
SUSE Linux Enterprise kernel-ec2-devel (affected versions not specified)

Description

The issue allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. This is due to the ioapic_deliver function in virt/kvm/ioapic.c not properly validating the kvm_irq_delivery_to_apic return value. The affected code was moved to the ioapic_service function before the vulnerability was announced.

Multiple vulnerabilities in SUSE Linux Enterprise packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations

For Linux kernel versions through 3.14.1: Update to a version later than 3.14.1 to resolve the issue.
For SUSE Linux Enterprise kernel-pae-devel: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SUSE Linux Enterprise kernel-xen-devel: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SUSE Linux Enterprise gfs2-kmp-xen: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For SUSE Linux Enterprise kernel-ec2-devel: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2014-1547
ALT-PU-2014-1602
ALT-PU-2014-1617
ALT-PU-2014-1632
ALT-PU-2014-1633
ALT-PU-2014-2064
BDU:2015-04307
BDU:2015-04308
BDU:2015-04309
BDU:2015-04310
CVE-2014-0155
MGASA-2014-0225
MGASA-2014-0226
MGASA-2014-0227
MGASA-2014-0228
MGASA-2014-0229
MGASA-2014-0234
MGASA-2014-0235
MGASA-2014-0236
MGASA-2014-0237
MGASA-2014-0238
SUSE-RU-2015:0621-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2239-1
USN-2241-1
USN-2336-1
USN-2337-1

Affected Products

Alt Linux
Linux Kernel
Suse Linux Enterprise Gfs2-Kmp-Xen
Suse Linux Enterprise Kernel-Ec2-Devel
Suse Linux Enterprise Kernel-Pae-Devel
Suse Linux Enterprise Kernel-Xen-Devel
Suse
Ubuntu