PT-2014-5434 · Linux+3 · Linux Kernel+3

Published

2013-11-19

·

Updated

2023-02-13

·

CVE-2014-3645

CVSS v2.0

2.1

Low

VectorAV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12
Description The issue is related to the KVM subsystem in the Linux kernel, specifically in the arch/x86/kvm/vmx.c file. It does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. A local unprivileged guest user could use this flaw to crash the guest.
Recommendations For Linux kernel versions prior to 3.12, update to version 3.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM subsystem to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2013-1133
ALT-PU-2014-1422
CESA-2014_1724
CESA-2014_1843
CVE-2014-3645
DSA-3060-1
RHSA-2014:1724
RHSA-2014:1843
RHSA-2014_1724
RHSA-2014_1843
RHSA-2015:0126
RHSA-2015:0284
USN-2417-1
USN-2418-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat