ID CVE-2014-3611
Summary Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:3.17.2
    cpe:2.3:o:linux:linux_kernel:3.17.2
  • cpe:2.3:o:linux:linux_kernel:3.17.1
    cpe:2.3:o:linux:linux_kernel:3.17.1
  • Linux Kernel 3.17
    cpe:2.3:o:linux:linux_kernel:3.17
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.10
    cpe:2.3:o:linux:linux_kernel:3.10
  • Linux Kernel 3.10.0 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.0:-:-:-:-:-:arm64
  • Linux Kernel 3.10.1
    cpe:2.3:o:linux:linux_kernel:3.10.1
  • Linux Kernel 3.10.1 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.1:-:-:-:-:-:arm64
  • Linux Kernel 3.10.10
    cpe:2.3:o:linux:linux_kernel:3.10.10
  • Linux Kernel 3.10.11
    cpe:2.3:o:linux:linux_kernel:3.10.11
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.12
  • Linux Kernel 3.10.13
    cpe:2.3:o:linux:linux_kernel:3.10.13
  • Linux Kernel 3.10.14
    cpe:2.3:o:linux:linux_kernel:3.10.14
  • Linux Kernel 3.10.15
    cpe:2.3:o:linux:linux_kernel:3.10.15
  • Linux Kernel 3.10.16
    cpe:2.3:o:linux:linux_kernel:3.10.16
  • Linux Kernel 3.10.17
    cpe:2.3:o:linux:linux_kernel:3.10.17
  • Linux Kernel 3.10.18
    cpe:2.3:o:linux:linux_kernel:3.10.18
  • Linux Kernel 3.10.19
    cpe:2.3:o:linux:linux_kernel:3.10.19
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.2
  • Linux Kernel 3.10.2 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.2:-:-:-:-:-:arm64
  • Linux Kernel 3.10.20
    cpe:2.3:o:linux:linux_kernel:3.10.20
  • Linux Kernel 3.10.21
    cpe:2.3:o:linux:linux_kernel:3.10.21
  • Linux Kernel 3.10.22
    cpe:2.3:o:linux:linux_kernel:3.10.22
  • Linux Kernel 3.10.23
    cpe:2.3:o:linux:linux_kernel:3.10.23
  • Linux Kernel 3.10.24
    cpe:2.3:o:linux:linux_kernel:3.10.24
  • Linux Kernel 3.10.25
    cpe:2.3:o:linux:linux_kernel:3.10.25
  • Linux Kernel 3.10.26
    cpe:2.3:o:linux:linux_kernel:3.10.26
  • Linux Kernel 3.10.27
    cpe:2.3:o:linux:linux_kernel:3.10.27
  • Linux Kernel 3.10.28
    cpe:2.3:o:linux:linux_kernel:3.10.28
  • Linux Kernel 3.10.29
    cpe:2.3:o:linux:linux_kernel:3.10.29
  • Linux Kernel 3.10.3
    cpe:2.3:o:linux:linux_kernel:3.10.3
  • Linux Kernel 3.10.3 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.3:-:-:-:-:-:arm64
  • Linux Kernel 3.10.4
    cpe:2.3:o:linux:linux_kernel:3.10.4
  • Linux Kernel 3.10.4 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.4:-:-:-:-:-:arm64
  • Linux Kernel 3.10.5
    cpe:2.3:o:linux:linux_kernel:3.10.5
  • Linux Kernel 3.10.5 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.5:-:-:-:-:-:arm64
  • Linux Kernel 3.10.6
    cpe:2.3:o:linux:linux_kernel:3.10.6
  • Linux Kernel 3.10.6 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.6:-:-:-:-:-:arm64
  • Linux Kernel 3.10.7
    cpe:2.3:o:linux:linux_kernel:3.10.7
  • Linux Kernel 3.10.7 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.7:-:-:-:-:-:arm64
  • Linux Kernel 3.10.8
    cpe:2.3:o:linux:linux_kernel:3.10.8
  • Linux Kernel 3.10.8 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.8:-:-:-:-:-:arm64
  • Linux Kernel 3.10.9
    cpe:2.3:o:linux:linux_kernel:3.10.9
  • Linux Kernel 3.10.9 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.10.9:-:-:-:-:-:arm64
  • Linux Kernel 3.11
    cpe:2.3:o:linux:linux_kernel:3.11
  • Linux Kernel 3.11.1
    cpe:2.3:o:linux:linux_kernel:3.11.1
  • Linux Kernel 3.11.10
    cpe:2.3:o:linux:linux_kernel:3.11.10
  • Linux Kernel 3.11.2
    cpe:2.3:o:linux:linux_kernel:3.11.2
  • Linux Kernel 3.11.3
    cpe:2.3:o:linux:linux_kernel:3.11.3
  • Linux Kernel 3.11.4
    cpe:2.3:o:linux:linux_kernel:3.11.4
  • Linux Kernel 3.11.5
    cpe:2.3:o:linux:linux_kernel:3.11.5
  • Linux Kernel 3.11.6
    cpe:2.3:o:linux:linux_kernel:3.11.6
  • Linux Kernel 3.11.7
    cpe:2.3:o:linux:linux_kernel:3.11.7
  • Linux Kernel 3.11.8
    cpe:2.3:o:linux:linux_kernel:3.11.8
  • Linux Kernel 3.11.9
    cpe:2.3:o:linux:linux_kernel:3.11.9
  • Linux Kernel 3.12
    cpe:2.3:o:linux:linux_kernel:3.12
  • Linux Kernel 3.12.1
    cpe:2.3:o:linux:linux_kernel:3.12.1
  • Linux Kernel 3.12.10
    cpe:2.3:o:linux:linux_kernel:3.12.10
  • Linux Kernel 3.12.11
    cpe:2.3:o:linux:linux_kernel:3.12.11
  • Linux Kernel 3.12.12
    cpe:2.3:o:linux:linux_kernel:3.12.12
  • Linux Kernel 3.12.13
    cpe:2.3:o:linux:linux_kernel:3.12.13
  • Linux Kernel 3.12.14
    cpe:2.3:o:linux:linux_kernel:3.12.14
  • Linux Kernel 3.12.15
    cpe:2.3:o:linux:linux_kernel:3.12.15
  • Linux Kernel 3.12.16
    cpe:2.3:o:linux:linux_kernel:3.12.16
  • Linux Kernel 3.12.17
    cpe:2.3:o:linux:linux_kernel:3.12.17
  • Linux Kernel 3.12.2
    cpe:2.3:o:linux:linux_kernel:3.12.2
  • Linux Kernel 3.12.3
    cpe:2.3:o:linux:linux_kernel:3.12.3
  • Linux Kernel 3.12.4
    cpe:2.3:o:linux:linux_kernel:3.12.4
  • Linux Kernel 3.12.5
    cpe:2.3:o:linux:linux_kernel:3.12.5
  • Linux Kernel 3.12.6
    cpe:2.3:o:linux:linux_kernel:3.12.6
  • Linux Kernel 3.12.7
    cpe:2.3:o:linux:linux_kernel:3.12.7
  • Linux Kernel 3.12.8
    cpe:2.3:o:linux:linux_kernel:3.12.8
  • Linux Kernel 3.12.9
    cpe:2.3:o:linux:linux_kernel:3.12.9
  • Linux Kernel 3.13
    cpe:2.3:o:linux:linux_kernel:3.13
  • Linux Kernel 3.13.1
    cpe:2.3:o:linux:linux_kernel:3.13.1
  • Linux Kernel 3.13.10
    cpe:2.3:o:linux:linux_kernel:3.13.10
  • Linux Kernel 3.13.11
    cpe:2.3:o:linux:linux_kernel:3.13.11
  • Linux Kernel 3.13.2
    cpe:2.3:o:linux:linux_kernel:3.13.2
  • Linux Kernel 3.13.3
    cpe:2.3:o:linux:linux_kernel:3.13.3
  • Linux Kernel 3.13.4
    cpe:2.3:o:linux:linux_kernel:3.13.4
  • Linux Kernel 3.13.5
    cpe:2.3:o:linux:linux_kernel:3.13.5
  • Linux Kernel 3.13.6
    cpe:2.3:o:linux:linux_kernel:3.13.6
  • Linux Kernel 3.13.7
    cpe:2.3:o:linux:linux_kernel:3.13.7
  • Linux Kernel 3.13.8
    cpe:2.3:o:linux:linux_kernel:3.13.8
  • Linux Kernel 3.13.9
    cpe:2.3:o:linux:linux_kernel:3.13.9
  • Linux Kernel 3.14
    cpe:2.3:o:linux:linux_kernel:3.14
  • Linux Kernel 3.14 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.14:rc1
  • Linux Kernel 3.14 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.14:rc2
  • Linux Kernel 3.14 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.14:rc3
  • Linux Kernel 3.14 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.14:rc4
  • Linux Kernel 3.14 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.14:rc5
  • Linux Kernel 3.14 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.14:rc6
  • Linux Kernel 3.14 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.14:rc7
  • Linux Kernel 3.14 release candidate 8
    cpe:2.3:o:linux:linux_kernel:3.14:rc8
  • Linux Kernel 3.14.1
    cpe:2.3:o:linux:linux_kernel:3.14.1
  • Linux Kernel 3.14.2
    cpe:2.3:o:linux:linux_kernel:3.14.2
  • Linux Kernel 3.14.3
    cpe:2.3:o:linux:linux_kernel:3.14.3
  • Linux Kernel 3.14.4
    cpe:2.3:o:linux:linux_kernel:3.14.4
  • Linux Kernel 3.14.5
    cpe:2.3:o:linux:linux_kernel:3.14.5
  • Linux Kernel 3.15
    cpe:2.3:o:linux:linux_kernel:3.15
  • Linux Kernel 3.15.1
    cpe:2.3:o:linux:linux_kernel:3.15.1
  • Linux Kernel 3.15.2
    cpe:2.3:o:linux:linux_kernel:3.15.2
  • Linux Kernel 3.15.3
    cpe:2.3:o:linux:linux_kernel:3.15.3
  • Linux Kernel 3.15.4
    cpe:2.3:o:linux:linux_kernel:3.15.4
  • Linux Kernel 3.15.5
    cpe:2.3:o:linux:linux_kernel:3.15.5
  • Linux Kernel 3.15.6
    cpe:2.3:o:linux:linux_kernel:3.15.6
  • Linux Kernel 3.15.7
    cpe:2.3:o:linux:linux_kernel:3.15.7
  • Linux Kernel 3.15.8
    cpe:2.3:o:linux:linux_kernel:3.15.8
  • Linux Kernel 3.16.0
    cpe:2.3:o:linux:linux_kernel:3.16.0
  • Linux Kernel 3.16.1
    cpe:2.3:o:linux:linux_kernel:3.16.1
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2:-:-:-:-:-:x86
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.2.1:-:-:-:-:-:x86
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:-:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc1:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc2:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc3:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc4:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc5:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 6 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc6:-:-:-:-:x86
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4 release candidate 7 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4:rc7:-:-:-:-:x86
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4.1 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.1:-:-:-:-:-:x86
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.2 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.2:-:-:-:-:-:x86
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.3 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.3:-:-:-:-:-:x86
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.33
    cpe:2.3:o:linux:linux_kernel:3.4.33
  • Linux Kernel 3.4.34
    cpe:2.3:o:linux:linux_kernel:3.4.34
  • Linux Kernel 3.4.35
    cpe:2.3:o:linux:linux_kernel:3.4.35
  • Linux Kernel 3.4.36
    cpe:2.3:o:linux:linux_kernel:3.4.36
  • Linux Kernel 3.4.37
    cpe:2.3:o:linux:linux_kernel:3.4.37
  • Linux Kernel 3.4.38
    cpe:2.3:o:linux:linux_kernel:3.4.38
  • Linux Kernel 3.4.39
    cpe:2.3:o:linux:linux_kernel:3.4.39
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.4 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.4:-:-:-:-:-:x86
  • Linux Kernel 3.4.40
    cpe:2.3:o:linux:linux_kernel:3.4.40
  • Linux Kernel 3.4.41
    cpe:2.3:o:linux:linux_kernel:3.4.41
  • Linux Kernel 3.4.42
    cpe:2.3:o:linux:linux_kernel:3.4.42
  • Linux Kernel 3.4.43
    cpe:2.3:o:linux:linux_kernel:3.4.43
  • Linux Kernel 3.4.44
    cpe:2.3:o:linux:linux_kernel:3.4.44
  • Linux Kernel 3.4.45
    cpe:2.3:o:linux:linux_kernel:3.4.45
  • Linux Kernel 3.4.46
    cpe:2.3:o:linux:linux_kernel:3.4.46
  • Linux Kernel 3.4.47
    cpe:2.3:o:linux:linux_kernel:3.4.47
  • Linux Kernel 3.4.48
    cpe:2.3:o:linux:linux_kernel:3.4.48
  • Linux Kernel 3.4.49
    cpe:2.3:o:linux:linux_kernel:3.4.49
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.5 (x86)
    cpe:2.3:o:linux:linux_kernel:3.4.5:-:-:-:-:-:x86
  • Linux Kernel 3.4.50
    cpe:2.3:o:linux:linux_kernel:3.4.50
  • Linux Kernel 3.4.51
    cpe:2.3:o:linux:linux_kernel:3.4.51
  • Linux Kernel 3.4.52
    cpe:2.3:o:linux:linux_kernel:3.4.52
  • Linux Kernel 3.4.53
    cpe:2.3:o:linux:linux_kernel:3.4.53
  • Linux Kernel 3.4.54
    cpe:2.3:o:linux:linux_kernel:3.4.54
  • Linux Kernel 3.4.55
    cpe:2.3:o:linux:linux_kernel:3.4.55
  • Linux Kernel 3.4.56
    cpe:2.3:o:linux:linux_kernel:3.4.56
  • Linux Kernel 3.4.57
    cpe:2.3:o:linux:linux_kernel:3.4.57
  • Linux Kernel 3.4.58
    cpe:2.3:o:linux:linux_kernel:3.4.58
  • Linux Kernel 3.4.59
    cpe:2.3:o:linux:linux_kernel:3.4.59
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.60
    cpe:2.3:o:linux:linux_kernel:3.4.60
  • Linux Kernel 3.4.61
    cpe:2.3:o:linux:linux_kernel:3.4.61
  • Linux Kernel 3.4.62
    cpe:2.3:o:linux:linux_kernel:3.4.62
  • Linux Kernel 3.4.63
    cpe:2.3:o:linux:linux_kernel:3.4.63
  • Linux Kernel 3.4.64
    cpe:2.3:o:linux:linux_kernel:3.4.64
  • Linux Kernel 3.4.65
    cpe:2.3:o:linux:linux_kernel:3.4.65
  • Linux Kernel 3.4.66
    cpe:2.3:o:linux:linux_kernel:3.4.66
  • Linux Kernel 3.4.67
    cpe:2.3:o:linux:linux_kernel:3.4.67
  • Linux Kernel 3.4.68
    cpe:2.3:o:linux:linux_kernel:3.4.68
  • Linux Kernel 3.4.69
    cpe:2.3:o:linux:linux_kernel:3.4.69
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.70
    cpe:2.3:o:linux:linux_kernel:3.4.70
  • Linux Kernel 3.4.71
    cpe:2.3:o:linux:linux_kernel:3.4.71
  • Linux Kernel 3.4.72
    cpe:2.3:o:linux:linux_kernel:3.4.72
  • Linux Kernel 3.4.73
    cpe:2.3:o:linux:linux_kernel:3.4.73
  • Linux Kernel 3.4.74
    cpe:2.3:o:linux:linux_kernel:3.4.74
  • Linux Kernel 3.4.75
    cpe:2.3:o:linux:linux_kernel:3.4.75
  • Linux Kernel 3.4.76
    cpe:2.3:o:linux:linux_kernel:3.4.76
  • Linux Kernel 3.4.77
    cpe:2.3:o:linux:linux_kernel:3.4.77
  • Linux Kernel 3.4.78
    cpe:2.3:o:linux:linux_kernel:3.4.78
  • Linux Kernel 3.4.79
    cpe:2.3:o:linux:linux_kernel:3.4.79
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.9.0
    cpe:2.3:o:linux:linux_kernel:3.9.0
  • Linux Kernel 3.9.0 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.0:-:-:-:-:-:arm64
  • Linux Kernel 3.9.1
    cpe:2.3:o:linux:linux_kernel:3.9.1
  • Linux Kernel 3.9.1 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.1:-:-:-:-:-:arm64
  • Linux Kernel 3.9.10
    cpe:2.3:o:linux:linux_kernel:3.9.10
  • Linux Kernel 3.9.10 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.10:-:-:-:-:-:arm64
  • Linux Kernel 3.9.11
    cpe:2.3:o:linux:linux_kernel:3.9.11
  • Linux Kernel 3.9.11 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.11:-:-:-:-:-:arm64
  • Linux Kernel 3.9.2
    cpe:2.3:o:linux:linux_kernel:3.9.2
  • Linux Kernel 3.9.2 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.2:-:-:-:-:-:arm64
  • Linux Kernel 3.9.3
    cpe:2.3:o:linux:linux_kernel:3.9.3
  • Linux Kernel 3.9.3 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.3:-:-:-:-:-:arm64
  • Linux Kernel 3.9.4
    cpe:2.3:o:linux:linux_kernel:3.9.4
  • Linux Kernel 3.9.4 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.4:-:-:-:-:-:arm64
  • Linux Kernel 3.9.5
    cpe:2.3:o:linux:linux_kernel:3.9.5
  • Linux Kernel 3.9.5 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.5:-:-:-:-:-:arm64
  • Linux Kernel 3.9.6
    cpe:2.3:o:linux:linux_kernel:3.9.6
  • Linux Kernel 3.9.6 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.6:-:-:-:-:-:arm64
  • Linux Kernel 3.9.7
    cpe:2.3:o:linux:linux_kernel:3.9.7
  • Linux Kernel 3.9.7 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.7:-:-:-:-:-:arm64
  • Linux Kernel 3.9.8
    cpe:2.3:o:linux:linux_kernel:3.9.8
  • Linux Kernel 3.9.8 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.8:-:-:-:-:-:arm64
  • Linux Kernel 3.9.9
    cpe:2.3:o:linux:linux_kernel:3.9.9
  • Linux Kernel 3.9.9 on ARM64 architecture
    cpe:2.3:o:linux:linux_kernel:3.9.9:-:-:-:-:-:arm64
CVSS
Base: 4.9 (as of 10-11-2014 - 09:20)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1272.NASL
    description The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 85097
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85097
    title Oracle Linux 6 : kernel (ELSA-2015-1272)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3086.NASL
    description Description of changes: kernel-uek [2.6.32-400.36.10.el6uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849336] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849320] {CVE-2014-3181} logging macros to functions (Joe Perches) [Orabug: 19847630] {CVE-2014-3535} logging macros to functions (Joe Perches) [Orabug: 19847630] - vsprintf: Recursive vsnprintf: Add '%pV', struct va_format (Joe Perches) [Orabug: 19847630] - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905688] {CVE-2014-3611}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78839
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78839
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3086)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3085.NASL
    description Description of changes: [2.6.39-400.215.12.el6uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849335] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849318] {CVE-2014-3181} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905687] {CVE-2014-3611}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78757
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78757
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3085)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0126.NASL
    description An updated rhev-hypervisor6 package that fixes multiple security issues is now available for Red Hat Enterprise Virtualization 3. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions. (CVE-2014-3511) A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server. (CVE-2014-3567) It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646) Red Hat would like to thank Qualys for reporting the CVE-2015-0235 issue, Lars Bull of Google for reporting the CVE-2014-3611 issue, and the Advanced Threat Research team at Intel Security for reporting the CVE-2014-3645 and CVE-2014-3646 issues. Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81200
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81200
    title RHEL 6 : rhev-hypervisor6 (RHSA-2015:0126) (GHOST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0869.NASL
    description From Red Hat Security Advisory 2015:0869 : Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue. All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 83026
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83026
    title Oracle Linux 5 : kvm (ELSA-2015-0869)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14068.NASL
    description The 3.14.23 stable update contains a number of important fixes across the tree. Various security fixes for KVM and SCTP Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 79258
    published 2014-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79258
    title Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1843.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. This update also fixes the following bugs : * This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570) * Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op->d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193) * Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the 'mgr_rxbuf=off' option specified. This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693) * When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083) * A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relevant data when removing an IPMI interface. (BZ#1149578) * Due to a bug in the IPMI driver, the kernel could panic when adding an IPMI interface that was previously removed using the hotmod script. This update fixes this bug by ensuring that the relevant shadow structure is initialized at the right time. (BZ#1149580) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 79206
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79206
    title RHEL 6 : kernel (RHSA-2014:1843)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2417-1.NASL
    description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) A flaw was discovered with invept instruction support when using nested EPT in the KVM (Kernel Virtual Machine). An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3645) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673) A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687) It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688) A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608) It was discovered the Linux kernel's implementation of IPv6 did not properly validate arguments in the ipv6_select_ident function. A local user could exploit this flaw to cause a denial of service (system crash) by leveraging tun or macvtap device access. (CVE-2014-7207) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (CVE-2014-7975). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 79433
    published 2014-11-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79433
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2491-1.NASL
    description Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 81164
    published 2015-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81164
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2491-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1843.NASL
    description From Red Hat Security Advisory 2014:1843 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. This update also fixes the following bugs : * This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570) * Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op->d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193) * Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the 'mgr_rxbuf=off' option specified. This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693) * When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083) * A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relevant data when removing an IPMI interface. (BZ#1149578) * Due to a bug in the IPMI driver, the kernel could panic when adding an IPMI interface that was previously removed using the hotmod script. This update fixes this bug by ensuring that the relevant shadow structure is initialized at the right time. (BZ#1149580) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 79201
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79201
    title Oracle Linux 6 : kernel (ELSA-2014-1843)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1724.NASL
    description Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. Bug fixes : * A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548) * When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715) * The kernel could fail to bring a CPU online if the hardware supported both, the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded in the intel_pstate module is loaded. (BZ#1134716) * Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717) * The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. (BZ#1138733) * A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again process files bigger than 2 GB as expected. (BZ#1139126) * Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300) * Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78702
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78702
    title CentOS 7 : kernel (CESA-2014:1724)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3060.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service : - CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. - CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. - CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. - CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system. - CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system. - CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service. - CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash). This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78784
    published 2014-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78784
    title Debian DSA-3060-1 : linux - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0869.NASL
    description Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue. All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83027
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83027
    title RHEL 5 : kvm (RHSA-2015:0869)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3084.NASL
    description Description of changes: kernel-uek [3.8.13-44.1.4.el7uek] - USB: whiteheat: Added bounds checking for bulk command response (James Forshaw) [Orabug: 19849334] {CVE-2014-3185} - HID: fix a couple of off-by-ones (Jiri Kosina) [Orabug: 19849317] {CVE-2014-3181} - kvm: vmx: handle invvpid vm exit gracefully (Petr Matousek) [Orabug: 19906300] {CVE-2014-3646} - nEPT: Nested INVEPT (Nadav Har'El) [Orabug: 19906267] {CVE-2014-3645} - KVM: x86: Improve thread safety in pit (Andy Honig) [Orabug: 19905686] {CVE-2014-3611}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 78756
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78756
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3084)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1724.NASL
    description Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. Bug fixes : * A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548) * When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715) * The kernel could fail to bring a CPU online if the hardware supported both, the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded in the intel_pstate module is loaded. (BZ#1134716) * Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717) * The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. (BZ#1138733) * A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again process files bigger than 2 GB as expected. (BZ#1139126) * Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300) * Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 78722
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78722
    title RHEL 7 : kernel (RHSA-2014:1724)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3096.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 79735
    published 2014-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79735
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3096)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-14126.NASL
    description Linux v3.17.2. A wide variety of fixes across the tree. Even more KVM CVE fixes CVE fixes for KVM and SCTP. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 78814
    published 2014-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78814
    title Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0068-1.NASL
    description The SUSE Linux Enterprise 12 kernel was updated to 3.12.31 to receive various security and bugfixes. Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. - CVE-2014-9090: Various issues in LDT handling in 32bit compatibility mode on the x86_64 platform were fixed, where local attackers could crash the machine. - CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. - CVE-2014-3647: Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandled noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO could use this flaw to cause a denial of service (system crash) of the guest. - CVE-2014-3611: A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. - CVE-2014-3610: If the guest writes a noncanonical value to certain MSR registers, KVM will write that value to the MSR in the host context and a #GP will be raised leading to kernel panic. A privileged guest user could have used this flaw to crash the host. - CVE-2014-7841: A remote attacker could have used a flaw in SCTP to crash the system by sending a maliciously prepared SCTP packet in order to trigger a NULL pointer dereference on the server. - CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. Bugs fixed: BTRFS : - btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items (bnc#904077). - btrfs: fix invalid leaf slot access in btrfs_lookup_extent() (bnc#904077). - btrfs: avoid returning -ENOMEM in convert_extent_bit() too early (bnc#902016). - btrfs: make find_first_extent_bit be able to cache any state (bnc#902016). - btrfs: deal with convert_extent_bit errors to avoid fs corruption (bnc#902016). - btrfs: be aware of btree inode write errors to avoid fs corruption (bnc#899551). - btrfs: add missing end_page_writeback on submit_extent_page failure (bnc#899551). - btrfs: fix crash of btrfs_release_extent_buffer_page (bnc#899551). - btrfs: ensure readers see new data after a clone operation (bnc#898234). - btrfs: avoid visiting all extent items when cloning a range (bnc#898234). - btrfs: fix clone to deal with holes when NO_HOLES feature is enabled (bnc#898234). - btrfs: make fsync work after cloning into a file (bnc#898234). - btrfs: fix use-after-free when cloning a trailing file hole (bnc#898234). - btrfs: clone, don't create invalid hole extent map (bnc#898234). - btrfs: limit the path size in send to PATH_MAX (bnc#897770). - btrfs: send, fix more issues related to directory renames (bnc#897770). - btrfs: send, remove dead code from __get_cur_name_and_parent (bnc#897770). - btrfs: send, account for orphan directories when building path strings (bnc#897770). - btrfs: send, avoid unnecessary inode item lookup in the btree (bnc#897770). - btrfs: send, fix incorrect ref access when using extrefs (bnc#897770). - btrfs: send, build path string only once in send_hole (bnc#897770). - btrfs: part 2, fix incremental send's decision to delay a dir move/rename (bnc#897770). - btrfs: fix incremental send's decision to delay a dir move/rename (bnc#897770). - btrfs: remove unnecessary inode generation lookup in send (bnc#897770). - btrfs: avoid unnecessary utimes update in incremental send (bnc#897770). - btrfs: fix send issuing outdated paths for utimes, chown and chmod (bnc#897770). - btrfs: fix send attempting to rmdir non-empty directories (bnc#897770). - btrfs: send, don't send rmdir for same target multiple times (bnc#897770). - btrfs: incremental send, fix invalid path after dir rename (bnc#897770). - btrfs: fix assert screwup for the pending move stuff (bnc#897770). - btrfs: make some tree searches in send.c more efficient (bnc#897770). - btrfs: use right extent item position in send when finding extent clones (bnc#897770). - btrfs: more send support for parent/child dir relationship inversion (bnc#897770). - btrfs: fix send dealing with file renames and directory moves (bnc#897770). - btrfs: add missing error check in incremental send (bnc#897770). - btrfs: make send's file extent item search more efficient (bnc#897770). - btrfs: fix infinite path build loops in incremental send (bnc#897770). - btrfs: send, don't delay dir move if there's a new parent inode (bnc#897770). - btrfs: add helper btrfs_fdatawrite_range (bnc#902010). - btrfs: correctly flush compressed data before/after direct IO (bnc#902010). - btrfs: make inode.c:compress_file_range() return void (bnc#902010). - btrfs: report error after failure inlining extent in compressed write path (bnc#902010). - btrfs: don't ignore compressed bio write errors (bnc#902010). - btrfs: make inode.c:submit_compressed_extents() return void (bnc#902010). - btrfs: process all async extents on compressed write failure (bnc#902010). - btrfs: don't leak pages and memory on compressed write error (bnc#902010). - btrfs: fix hang on compressed write error (bnc#902010). - btrfs: set page and mapping error on compressed write failure (bnc#902010). - btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup (bnc#904115). Hyper-V : - hyperv: Fix a bug in netvsc_send(). - hyperv: Fix a bug in netvsc_start_xmit(). - drivers: hv: vmbus: Enable interrupt driven flow control. - drivers: hv: vmbus: Properly protect calls to smp_processor_id(). - drivers: hv: vmbus: Cleanup hv_post_message(). - drivers: hv: vmbus: Cleanup vmbus_close_internal(). - drivers: hv: vmbus: Fix a bug in vmbus_open(). - drivers: hv: vmbus: Cleanup vmbus_establish_gpadl(). - drivers: hv: vmbus: Cleanup vmbus_teardown_gpadl(). - drivers: hv: vmbus: Cleanup vmbus_post_msg(). - storvsc: get rid of overly verbose warning messages. - hyperv: NULL dereference on error. - hyperv: Increase the buffer length for netvsc_channel_cb(). zSeries / S390 : - s390: pass march flag to assembly files as well (bnc#903279, LTC#118177). - kernel: reduce function tracer overhead (bnc#903279, LTC#118177). - SUNRPC: Handle EPIPE in xprt_connect_status (bnc#901090). - SUNRPC: Ensure that we handle ENOBUFS errors correctly (bnc#901090). - SUNRPC: Ensure call_connect_status() deals correctly with SOFTCONN tasks (bnc#901090). - SUNRPC: Ensure that call_connect times out correctly (bnc#901090). - SUNRPC: Handle connect errors ECONNABORTED and EHOSTUNREACH (bnc#901090). - SUNRPC: Ensure xprt_connect_status handles all potential connection errors (bnc#901090). - SUNRPC: call_connect_status should recheck bind and connect status on error (bnc#901090). kGraft : - kgr: force patching process to succeed (fate#313296). - kgr: usb-storage, mark kthread safe (fate#313296 bnc#899908). - Refresh patches.suse/kgr-0039-kgr-fix-ugly-race.patch. Fix few bugs, and also races (immutable vs mark_processes vs other threads). - kgr: always use locked bit ops for thread_info->flags (fate#313296). - kgr: lower the workqueue scheduling timeout (fate#313296 bnc#905087). - kgr: mark even more kthreads (fate#313296 bnc#904871). - rpm/kernel-binary.spec.in: Provide name-version-release for kgraft packages (bnc#901925) Other : - NFSv4: test SECINFO RPC_AUTH_GSS pseudoflavors for support (bnc#905758). - Enable cmac(aes) and cmac(3des_ede) for FIPS mode (bnc#905296 bnc#905772). - scsi_dh_alua: disable ALUA handling for non-disk devices (bnc#876633). - powerpc/vphn: NUMA node code expects big-endian (bsc#900126). - net: fix checksum features handling in netif_skb_features() (bnc#891259). - be2net: Fix invocation of be_close() after be_clear() (bnc#895468). - PCI: pciehp: Clear Data Link Layer State Changed during init (bnc#898297). - PCI: pciehp: Use symbolic constants, not hard-coded bitmask (bnc#898297). - PCI: pciehp: Use link change notifications for hot-plug and removal (bnc#898297). - PCI: pciehp: Make check_link_active() non-static (bnc#898297). - PCI: pciehp: Enable link state change notifications (bnc#898297). - ALSA: hda - Treat zero connection as non-error (bnc#902898). - bcache: add mutex lock for bch_is_open (bnc#902893). - futex: Fix a race condition between REQUEUE_PI and task death (bcn #851603 (futex scalability series)). - Linux 3.12.31 (bnc#895983 bnc#897912). - futex: Ensure get_futex_key_refs() always implies a barrier (bcn #851603 (futex scalability series)). - usbback: don't access request fields in shared ring more than once. - Update Xen patches to 3.12.30. - locking/rwsem: Avoid double checking before try acquiring write lock (Locking scalability.). - zcrypt: toleration of new crypto adapter hardware (bnc#894057, LTC#117041). - zcrypt: support for extended number of ap domains (bnc#894057, LTC#117041). - kABI: protect linux/fs.h include in mm/internal.h. - Linux 3.12.30 (FATE#315482 bnc#862957 bnc#863526 bnc#870498). - Update patches.fixes/xfs-mark-all-internal-workqueues-as-freeza ble.patch (bnc#899785). - xfs: mark all internal workqueues as freezable. - drm/i915: Move DP port disable to post_disable for pch platforms (bnc#899787). - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix (bnc#895680). - Linux 3.12.29 (bnc#879255 bnc#880892 bnc#887046 bnc#887418 bnc#891619 bnc#892612 bnc#892650 bnc#897101). - iommu/vt-d: Work around broken RMRR firmware entries (bnc#892860). - iommu/vt-d: Store bus information in RMRR PCI device path (bnc#892860). - iommu/vt-d: Only remove domain when device is removed (bnc#883139). - driver core: Add BUS_NOTIFY_REMOVED_DEVICE event (bnc#883139). - Update config files: Re-enable CONFIG_FUNCTION_PROFILER (bnc#899489) Option FUNCTION_PROFILER was enabled in debug and trace kernels so far, but it was accidentally disabled before tracing features were merged into the default kernel and the trace flavor was discarded. So all kernels are missing the feature now. Re-enable it. - xfs: xlog_cil_force_lsn doesn't always wait correctly. - scsi: clear 'host_scribble' upon successful abort (bnc#894863). - module: warn if module init + probe takes long (bnc#889297 bnc#877622 bnc#889295 bnc#893454). - mm, THP: don't hold mmap_sem in khugepaged when allocating THP (bnc#880767, VM Performance). - pagecache_limit: batch large nr_to_scan targets (bnc#895221). - iommu/vt-d: Check return value of acpi_bus_get_device() (bnc#903307). - rpm/kernel-binary.spec.in: Fix including the secure boot cert in /etc/uefi/certs - sched: Reduce contention in update_cfs_rq_blocked_load() (Scheduler/core performance). - x86: use optimized ioresource lookup in ioremap function (Boot time optimisations (bnc#895387)). - x86: optimize resource lookups for ioremap (Boot time optimisations (bnc#895387)). - usb: Do not re-read descriptors for wired devices in usb_authorize_device() (bnc#904354). - netxen: Fix link event handling (bnc#873228). - x86, cpu: Detect more TLB configuration -xen (TLB Performance). - x86/mm: Fix RCU splat from new TLB tracepoints (TLB Performance). - x86/mm: Set TLB flush tunable to sane value (33) (TLB Performance). - x86/mm: New tunable for single vs full TLB flush (TLB Performance). - x86/mm: Add tracepoints for TLB flushes (TLB Performance). - x86/mm: Unify remote INVLPG code (TLB Performance). - x86/mm: Fix missed global TLB flush stat (TLB Performance). - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing (TLB Performance). - x86, cpu: Detect more TLB configuration (TLB Performance). - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on IvyBridge (TLB Performance). - x86/mm: Clean up the TLB flushing code (TLB Performance). - mm: free compound page with correct order (VM Functionality). - bnx2x: Utilize FW 7.10.51 (bnc#887382). - bnx2x: Remove unnecessary internal mem config (bnc#887382). - rtnetlink: fix oops in rtnl_link_get_slave_info_data_size (bnc#901774). - dm: do not call dm_sync_table() when creating new devices (bnc#901809). - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736). - uas: replace WARN_ON_ONCE() with lockdep_assert_held() (FATE#315595). - cxgb4/cxgb4vf: Add Devicde ID for two more adapter (bsc#903999). - cxgb4/cxgb4vf: Add device ID for new adapter and remove for dbg adapter (bsc#903999). - cxgb4: Adds device ID for few more Chelsio T4 Adapters (bsc#903999). - cxgb4: Check if rx checksum offload is enabled, while reading hardware calculated checksum (bsc#903999). - xen-pciback: drop SR-IOV VFs when PF driver unloads (bsc#901839). This update also includes fixes contained in the Linux 3.12.stable release series, not separately listed here. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83665
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83665
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-230.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3645). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3646). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (CVE-2014-3673). The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (CVE-2014-3687). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application (CVE-2014-7825). kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (CVE-2014-7826). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (CVE-2014-8369). The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 79610
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79610
    title Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0284.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. (CVE-2014-8160, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, Vladimir Davydov (Parallels) for reporting CVE-2013-4483, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. Bug fixes : * When forwarding a packet, the iptables target TCPOPTSTRIP used the tcp_hdr() function to locate the option space. Consequently, TCPOPTSTRIP located the incorrect place in the packet, and therefore did not match options for stripping. TCPOPTSTRIP now uses the TCP header itself to locate the option space, and the options are now properly stripped. (BZ#1172026) * The ipset utility computed incorrect values of timeouts from an old IP set, and these values were then supplied to a new IP set. A resize on an IP set with a timeouts option enabled could then supply corrupted data from an old IP set. This bug has been fixed by properly reading timeout values from an old set before supplying them to a new set. (BZ#1172763) * Incorrect processing of errors from the BCM5719 LAN controller could result in incoming packets being dropped. Now, received errors are handled properly, and incoming packets are no longer randomly dropped. (BZ#1180405) * When the NVMe driver allocated a name-space queue, it was recognized as a request-based driver, whereas it was a BIO-based driver. While trying to access data during the loading of NVMe along with a request-based DM device, the system could terminate unexpectedly or become unresponsive. Now, NVMe does not set the QUEUE_FLAG_STACKABLE flag during the allocation of a name-space queue, and the system no longer attempts to insert a request into the queue, preventing a crash. (BZ#1180554) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81624
    published 2015-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81624
    title RHEL 6 : kernel (RHSA-2015:0284)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-13773.NASL
    description More KVM CVE fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 78716
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78716
    title Fedora 20 : kernel-3.16.6-203.fc20 (2014-13773)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141028_KERNEL_ON_SL7_X.NASL
    description Security fixes : - A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) - A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) - It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) - A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Bug fixes : - A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. - When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. - The kernel could fail to bring a CPU online if the hardware supported both, the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded in the intel_pstate module is loaded. - Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. - The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. - A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again process files bigger than 2 GB as expected. - Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. - Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 78851
    published 2014-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78851
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1843.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. This update also fixes the following bugs : * This update fixes several race conditions between PCI error recovery callbacks and potential calls of the ifup and ifdown commands in the tg3 driver. When triggered, these race conditions could cause a kernel crash. (BZ#1142570) * Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its parent was also a GFS2 file system. This problem has been fixed by adding the appropriate d_op->d_hash() routine call for the last component of the mount point path in the path name lookup mechanism code (namei). (BZ#1145193) * Due to previous changes in the virtio-net driver, a Red Hat Enterprise Linux 6.6 guest was unable to boot with the 'mgr_rxbuf=off' option specified. This was caused by providing the page_to_skb() function with an incorrect packet length in the driver's Rx path. This problem has been fixed and the guest in the described scenario can now boot successfully. (BZ#1148693) * When using one of the newer IPSec Authentication Header (AH) algorithms with Openswan, a kernel panic could occur. This happened because the maximum truncated ICV length was too small. To fix this problem, the MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083) * A bug in the IPMI driver caused the kernel to panic when an IPMI interface was removed using the hotmod script. The IPMI driver has been fixed to properly clean the relevant data when removing an IPMI interface. (BZ#1149578) * Due to a bug in the IPMI driver, the kernel could panic when adding an IPMI interface that was previously removed using the hotmod script. This update fixes this bug by ensuring that the relevant shadow structure is initialized at the right time. (BZ#1149580) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79189
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79189
    title CentOS 6 : kernel (CESA-2014:1843)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1724.NASL
    description From Red Hat Security Advisory 2014:1724 : Updated kernel packages that fix several security issues and bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077, Important) * It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. (CVE-2014-3645, CVE-2014-3646, Moderate) * A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system. (CVE-2014-4653, Moderate) Red Hat would like to thank Lars Bull of Google for reporting CVE-2014-3611, and the Advanced Threat Research team at Intel Security for reporting CVE-2014-3645 and CVE-2014-3646. Bug fixes : * A known issue that could prevent Chelsio adapters using the cxgb4 driver from being initialized on IBM POWER8 systems has been fixed. These adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548) * When bringing a hot-added CPU online, the kernel did not initialize a CPU mask properly, which could result in a kernel panic. This update corrects the bug by ensuring that the CPU mask is properly initialized and the correct NUMA node selected. (BZ#1134715) * The kernel could fail to bring a CPU online if the hardware supported both, the acpi-cpufreq and intel_pstate modules. This update ensures that the acpi-cpufreq module is not loaded in the intel_pstate module is loaded. (BZ#1134716) * Due to a bug in the time accounting of the kernel scheduler, a divide error could occur when hot adding a CPU. To fix this problem, the kernel scheduler time accounting has been reworked. (BZ#1134717) * The kernel did not handle exceptions caused by an invalid floating point control (FPC) register, resulting in a kernel oops. This problem has been fixed by placing the label to handle these exceptions to the correct place in the code. (BZ#1138733) * A previous change to the kernel for the PowerPC architecture changed implementation of the compat_sys_sendfile() function. Consequently, the 64-bit sendfile() system call stopped working for files larger than 2 GB on PowerPC. This update restores previous behavior of sendfile() on PowerPC, and it again process files bigger than 2 GB as expected. (BZ#1139126) * Previously, the kernel scheduler could schedule a CPU topology update even though the topology did not change. This could negatively affect the CPU load balancing, cause degradation of the system performance, and eventually result in a kernel oops. This problem has been fixed by skipping the CPU topology update if the topology has not actually changed. (BZ#1140300) * Previously, recovery of a double-degraded RAID6 array could, under certain circumstances, result in data corruption. This could happen because the md driver was using an optimization that is safe to use only for single-degraded arrays. This update ensures that this optimization is skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 78721
    published 2014-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78721
    title Oracle Linux 7 : kernel (ELSA-2014-1724)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0869.NASL
    description Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue. All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 83001
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83001
    title CentOS 5 : kvm (CESA-2015:0869)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2394-1.NASL
    description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel's CIFS client. A remote CIFS server could cause a denial of service (system crash) or possibly have other unspecified impact by deleting IPC$ share during resolution of DFS referrals. (CVE-2014-7145). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 78764
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78764
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15912.NASL
    description CVE-2014-3185 Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. CVE-2014-3611 Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation. CVE-2014-3645 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. CVE-2014-3646 arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. Impact An attacker may be able to gain access to unauthorized information, perform unauthorized modification of data, or cause disruption of services. CVE-2014-3185 require physical access to the device. CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646 are considered local, as they are exploitable only by an authenticated user.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 80059
    published 2014-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80059
    title F5 Networks BIG-IP : Linux kernel driver vulnerabilities (K15912)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2462-1.NASL
    description Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 80510
    published 2015-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80510
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-2462-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2396-1.NASL
    description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 78821
    published 2014-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78821
    title Ubuntu 14.10 : linux vulnerabilities (USN-2396-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150422_KVM_ON_SL5_X.NASL
    description It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610) A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611) Note: The following procedure must be performed before this update will take effect : 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using 'modprobe -r [module]') and reload (using 'modprobe [module]') all of the following modules which are currently running (determined using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. or you may restart your system.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 83029
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83029
    title Scientific Linux Security Update : kvm on SL5.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0290.NASL
    description The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 81800
    published 2015-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81800
    title Oracle Linux 7 : kernel (ELSA-2015-0290)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2395-1.NASL
    description Nadav Amit reported that the KVM (Kernel Virtual Machine) mishandles noncanonical addresses when emulating instructions that change the rip (Instruction Pointer). A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest. (CVE-2014-3647) A flaw was discovered with the handling of the invept instruction in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. An unprivileged guest user could exploit this flaw to cause a denial of service (system crash) on the guest. (CVE-2014-3646) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Raphael Geissert reported a NULL pointer dereference in the Linux kernel's CIFS client. A remote CIFS server could cause a denial of service (system crash) or possibly have other unspecified impact by deleting IPC$ share during resolution of DFS referrals. (CVE-2014-7145). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 78765
    published 2014-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78765
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2395-1)
redhat via4
advisories
  • bugzilla
    id 1144883
    title CVE-2014-3610 kernel: kvm: noncanonical MSR writes
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment kmod-kvm is earlier than 0:83-270.el5_11
          oval oval:com.redhat.rhsa:tst:20150869010
        • comment kmod-kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465005
      • AND
        • comment kmod-kvm-debug is earlier than 0:83-270.el5_11
          oval oval:com.redhat.rhsa:tst:20150869008
        • comment kmod-kvm-debug is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20110028007
      • AND
        • comment kvm is earlier than 0:83-270.el5_11
          oval oval:com.redhat.rhsa:tst:20150869002
        • comment kvm is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465003
      • AND
        • comment kvm-qemu-img is earlier than 0:83-270.el5_11
          oval oval:com.redhat.rhsa:tst:20150869006
        • comment kvm-qemu-img is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465007
      • AND
        • comment kvm-tools is earlier than 0:83-270.el5_11
          oval oval:com.redhat.rhsa:tst:20150869004
        • comment kvm-tools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20091465009
    rhsa
    id RHSA-2015:0869
    released 2015-04-22
    severity Important
    title RHSA-2015:0869: kvm security update (Important)
  • rhsa
    id RHSA-2015:0126
  • rhsa
    id RHSA-2015:0284
rpms
  • kernel-0:3.10.0-123.9.2.el7
  • kernel-abi-whitelists-0:3.10.0-123.9.2.el7
  • kernel-bootwrapper-0:3.10.0-123.9.2.el7
  • kernel-debug-0:3.10.0-123.9.2.el7
  • kernel-debug-devel-0:3.10.0-123.9.2.el7
  • kernel-devel-0:3.10.0-123.9.2.el7
  • kernel-doc-0:3.10.0-123.9.2.el7
  • kernel-headers-0:3.10.0-123.9.2.el7
  • kernel-kdump-0:3.10.0-123.9.2.el7
  • kernel-kdump-devel-0:3.10.0-123.9.2.el7
  • kernel-tools-0:3.10.0-123.9.2.el7
  • kernel-tools-libs-0:3.10.0-123.9.2.el7
  • kernel-tools-libs-devel-0:3.10.0-123.9.2.el7
  • perf-0:3.10.0-123.9.2.el7
  • python-perf-0:3.10.0-123.9.2.el7
  • kernel-0:2.6.32-504.1.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.1.3.el6
  • kernel-bootwrapper-0:2.6.32-504.1.3.el6
  • kernel-debug-0:2.6.32-504.1.3.el6
  • kernel-debug-devel-0:2.6.32-504.1.3.el6
  • kernel-devel-0:2.6.32-504.1.3.el6
  • kernel-doc-0:2.6.32-504.1.3.el6
  • kernel-firmware-0:2.6.32-504.1.3.el6
  • kernel-headers-0:2.6.32-504.1.3.el6
  • kernel-kdump-0:2.6.32-504.1.3.el6
  • kernel-kdump-devel-0:2.6.32-504.1.3.el6
  • perf-0:2.6.32-504.1.3.el6
  • python-perf-0:2.6.32-504.1.3.el6
  • kmod-kvm-0:83-270.el5_11
  • kmod-kvm-debug-0:83-270.el5_11
  • kvm-0:83-270.el5_11
  • kvm-qemu-img-0:83-270.el5_11
  • kvm-tools-0:83-270.el5_11
refmap via4
confirm
debian DSA-3060
mlist [oss-security] 20141024 kvm issues
ubuntu
  • USN-2394-1
  • USN-2417-1
  • USN-2418-1
  • USN-2491-1
Last major update 02-01-2017 - 21:59
Published 10-11-2014 - 06:55
Back to Top