OVAL Reference oval:com.ubuntu.trusty:def:20143647000

Oval Definition:

oval:com.ubuntu.trusty:def:20143647000

Revision Date:	2014-11-10	Version:	1
Title:	CVE-2014-3647 on Ubuntu 14.04 LTS (trusty) - high.
Description:	arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. A guest user with access to I/O or MMIO region can use this flaw to crash the guest. Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-3647
Platform(s):	Ubuntu 14.04 LTS	Product(s):
Definition Synopsis
Ubuntu 14.04 LTS (trusty) is installed. AND Package Information The 'linux' package in trusty was vulnerable but has been fixed (note: '3.13.0-39.66'). OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected (note: '3.16.0-25.33~14.04.2'). OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected (note: '3.19.0-18.18~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-wily' package in trusty is not affected (note: '4.2.0-18.22~14.04.1'). OR NOT While related to the CVE in some way, the 'linux-lts-xenial' package in trusty is not affected (note: '4.4.0-13.29~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it. OR While related to the CVE in some way, a decision has been made to ignore it.

BACK