| Revision Date: | 2014-12-29 | Version: | 3 |
| Title: | USN-2394-1 -- Linux kernel (Trusty HWE) vulnerabilities |
| Description: | Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandlesnoncanonical addresses when emulating instructions that change the rip(Instruction Pointer). A guest user with access to I/O or the MMIO can usethis flaw to cause a denial of service (system crash) of the guest.(CVE-2014-3647)A flaw was discovered with the handling of the invept instruction in theKVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivilegedguest user could exploit this flaw to cause a denial of service (systemcrash) on the guest. (CVE-2014-3646)Lars Bull reported a race condition in the PIT (programmable interrupttimer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linuxkernel. A local guest user with access to PIT i/o ports could exploit thisflaw to cause a denial of service (crash) on the host. (CVE-2014-3611)Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel VirtualMachine) handles noncanonical writes to certain MSR registers. A privilegedguest user can exploit this flaw to cause a denial of service (kernelpanic) on the host. (CVE-2014-3610)Raphael Geissert reported a NULL pointer dereference in the Linux kernel'sCIFS client. A remote CIFS server could cause a denial of service (systemcrash) or possibly have other unspecified impact by deleting IPC$ shareduring resolution of DFS referrals. (CVE-2014-7145) |
| Family: | unix | Class: | patch |
| Status: | ACCEPTED | Reference(s): | CVE-2014-3610
CVE-2014-3611
CVE-2014-3646
CVE-2014-3647
CVE-2014-7145
USN-2394-1
|
| Platform(s): | Ubuntu 12.04
| Product(s): | linux-lts-trusty
|
| Definition Synopsis |
| Ubuntu 12.04 is installed AND Packages match section
linux-image-3.13.0-39-generic-lpae is earlier than 0:3.13.0-39.66~precise1
OR linux-image-3.13.0-39-generic is earlier than 0:3.13.0-39.66~precise1
|