OVAL Reference oval:com.ubuntu.xenial:def:20143646000

Oval Definition:

oval:com.ubuntu.xenial:def:20143646000

Revision Date:	2014-11-10	Version:	1
Title:	CVE-2014-3646 on Ubuntu 16.04 LTS (xenial) - high.
Description:	arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. A local unprivileged guest user could use this flaw to crash the guest. A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2014-3646
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: '4.2.0-16.19'). OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: '4.4.0-1001.10'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: '4.4.0-1003.3'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: '4.8.0-36.36~16.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned'). OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: '4.2.0-1013.19'). OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: '4.4.0-1012.12').

BACK