Vulnerability Name:

CVE-2014-0049 (CCN-91492)

Assigned:2013-12-03
Published:2014-02-27
Updated:2023-02-13
Summary:Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by an error in the complete_emulated_mmio() function within the KVM subsystem. A local attacker could exploit this vulnerability to corrupt memory and gain elevated privileges on the system.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.4 High (CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C)
5.4 Medium (Temporal CVSS v2 Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2014-0049

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: SA57213
KVM "complete_emulated_mmio()" Memory Corruption Vulnerability

Source: CCN
Type: SA57216
Linux Kernel "complete_emulated_mmio()" Memory Corruption Vulnerability

Source: secalert@redhat.com
Type: Release Notes, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Mailing List, Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-65909
Linux Kernel 'complete_emulated_mmio()' Function Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-kernel-cve20140049-priv-esc(91492)

Source: CCN
Type: Linux Kernel GIT Repository
kvm: x86: fix emulator buffer overflow (CVE-2014-0049)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:3.10:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.12:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:3.13:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:26365
    P
    		ELSA-2014-3034 -- Unbreakable Enterprise kernel security update (important)
    2015-03-16
    oval:org.mitre.oval:def:24637
    P
    		USN-2176-1 -- linux-lts-raring vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24461
    P
    		USN-2179-1 -- linux vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24554
    P
    		USN-2180-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24864
    P
    		USN-2177-1 -- linux-lts-saucy vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24576
    P
    		USN-2181-1 -- linux-ti-omap4 vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24238
    P
    		USN-2175-1 -- linux-lts-quantal vulnerabilities
    2014-07-21
    oval:org.mitre.oval:def:24826
    P
    		USN-2178-1 -- linux vulnerabilities
    2014-07-07
    oval:com.ubuntu.precise:def:20140049000
    V
    		CVE-2014-0049 on Ubuntu 12.04 LTS (precise) - medium.
    2014-03-11
    oval:com.ubuntu.xenial:def:201400490000000
    V
    		CVE-2014-0049 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-03-11
    oval:com.ubuntu.trusty:def:20140049000
    V
    		CVE-2014-0049 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-03-11
    oval:com.ubuntu.xenial:def:20140049000
    V
    		CVE-2014-0049 on Ubuntu 16.04 LTS (xenial) - medium.
    2014-03-11
    BACK
    linux linux kernel 3.10
    linux linux kernel 3.12
    linux linux kernel 3.13