Lucene search

K
cve[email protected]CVE-2014-3601
HistorySep 01, 2014 - 1:55 a.m.

CVE-2014-3601

2014-09-0101:55:18
CWE-189
web.nvd.nist.gov
62
linux kernel
kvm_iommu_map_pages
vulnerability
memory corruption
denial of service
nvd
cve-2014-3601

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

61.0%

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

Affected configurations

NVD
Node
suselinux_enterprise_real_time_extensionMatch11.0sp3
OR
opensuseevergreenMatch11.4
OR
suselinux_enterprise_serverMatch11sp2ltss
OR
susesuse_linux_enterprise_serverMatch11
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
Node
linuxlinux_kernelRange3.16.1
OR
linuxlinux_kernelMatch3.16.0

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:N/I:N/A:C

0.002 Low

EPSS

Percentile

61.0%