PT-2014-5436 · Linux+5 · Linux Kernel+5

Published

2014-10-23

·

Updated

2023-02-13

·

CVE-2014-3647

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.17.2
Description The issue is related to the KVM subsystem in the Linux kernel, where a flaw in the arch/x86/kvm/emulate.c file allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. A guest user with access to I/O or MMIO region can exploit this flaw to crash the guest.
Recommendations For Linux kernel versions through 3.17.2, update to a version later than 3.17.2 to resolve the issue. As a temporary workaround, consider restricting access to I/O or MMIO regions to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2014-2361
ALT-PU-2015-1794
CESA-2015_2152
CVE-2014-3647
DSA-3060-1
MGASA-2014-0474
MGASA-2014-0475
MGASA-2015-0075
MGASA-2015-0076
MGASA-2015-0077
MGASA-2015-0078
RHSA-2015:2152
RHSA-2015_2152
SUSE-RU-2015:0621-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1071-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2394-1
USN-2395-1
USN-2396-1
USN-2417-1
USN-2418-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu