| Revision Date: | 2014-11-10 | Version: | 1 | | Title: | CVE-2014-3610 on Ubuntu 12.04 LTS (precise) - high. | | Description: | The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. A privileged guest user can use this flaw to crash the host. The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. A privileged guest user can use this flaw to crash the host. Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue because wrmsrl() ends up invoking safe msr write variant. Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2014-3610
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
The 'linux' package in precise was vulnerable but has been fixed (note: '3.2.0-72.107').
OR The 'linux-armadaxp' package in precise was vulnerable but has been fixed (note: '3.2.0-1641.59').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.5.0-57.84~precise1] OEM release').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needs-triage now end-of-life').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was pending [3.11.0-30.51~precise1] OEM release').
OR The 'linux-lts-trusty' package in precise was vulnerable but has been fixed (note: '3.13.0-39.66~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR The 'linux-ti-omap4' package in precise was vulnerable but has been fixed (note: '3.2.0-1456.76').
|
|