| Revision Date: | 2014-04-14 | Version: | 1 | | Title: | CVE-2014-0155 on Ubuntu 12.04 LTS (precise) - low. | | Description: | The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash).
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-0155
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected.
OR The 'linux-lts-saucy' package in precise was vulnerable but has been fixed (note: '3.11.0-23.40~precise1').
OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-35.62~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|