Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0869
HistoryApr 22, 2015 - 12:00 a.m.

(RHSA-2015:0869) Important: kvm security update

2015-04-2200:00:00
access.redhat.com
31

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.6%

JSON

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that KVM’s Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the
guest to certain MSRs in the host’s context. A privileged guest user could
use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel’s KVM subsystem
handled PIT (Programmable Interval Timer) emulation. A guest user who has
access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for
reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting
the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note: The procedure in
the Solution section must be performed before this update will take effect.

Related

nessus 42
oraclelinux 10
centos 3
openvas 52
mageia 6
ubuntu 7
securityvulns 4
prion 2
cve 2
ubuntucve 2
debiancve 2
archlinux 2
debian 2
osv 1
fedora 13
suse 7
f5 2
redhat 4
nessus
nessus
Ubuntu 10.04 LTS : linux vulnerabilities (USN-2462-1)
2015-01-14 00:00:00
RHEL 5 : kvm (RHSA-2015:0869)
2015-04-23 00:00:00
CentOS 5 : kvm (CESA-2015:0869)
2015-04-23 00:00:00
oraclelinux
oraclelinux
kvm security update
2015-04-22 00:00:00
Unbreakable Enterprise kernel Security update
2014-10-30 00:00:00
kernel security and bug fix update
2014-11-11 00:00:00
centos
centos
kmod, kvm security update
2015-04-22 14:47:16
kernel, perf, python security update
2014-11-11 19:31:00
kernel, perf, python security update
2014-10-29 02:12:28
openvas
openvas
Oracle: Security Advisory (ELSA-2015-0869)
2015-10-06 00:00:00
CentOS Update for kmod-kvm CESA-2015:0869 centos5
2015-04-23 00:00:00
Ubuntu: Security Advisory (USN-2462-1)
2015-01-23 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-11-21 15:44:16
Updated kernel packages fix security vulnerabilities
2014-11-21 15:44:16
Updated kernel-linus packages fix security vulnerabilities
2015-02-19 17:43:07
ubuntu
ubuntu
Linux kernel vulnerabilities
2015-01-13 00:00:00
Linux kernel vulnerabilities
2014-10-31 00:00:00
Linux kernel (EC2) vulnerabilities
2015-02-04 00:00:00
securityvulns
securityvulns
[USN-2394-1] Linux kernel (Trusty HWE) vulnerabilities
2014-11-03 00:00:00
[SECURITY] [DSA 3060-1] linux security update
2014-11-03 00:00:00
[ MDVSA-2014:230 ] kernel
2014-11-30 00:00:00
prion
prion
Open redirect
2014-11-10 11:55:00
Race condition
2014-11-10 11:55:00
cve
cve
CVE-2014-3610
2014-11-10 11:55:00
CVE-2014-3611
2014-11-10 11:55:00
ubuntucve
ubuntucve
CVE-2014-3610
2014-10-23 00:00:00
CVE-2014-3611
2014-10-23 00:00:00
debiancve
debiancve
CVE-2014-3610
2014-11-10 11:55:00
CVE-2014-3611
2014-11-10 11:55:00
archlinux
archlinux
linux-lts: local denial of service, privilege escalation
2014-11-17 00:00:00
linux: local denial of service, privilege escalation
2014-11-17 00:00:00
debian
debian
[SECURITY] [DSA 3060-1] linux security update
2014-10-31 15:41:41
[SECURITY] [DSA 3060-1] linux security update
2014-10-31 15:41:41
osv
osv
linux - security update
2014-10-31 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.17.2-300.fc21
2014-11-03 05:23:10
[SECURITY] Fedora 20 Update: kernel-3.16.6-203.fc20
2014-10-28 06:44:32
[SECURITY] Fedora 20 Update: kernel-3.17.3-200.fc20
2014-11-20 23:04:23
suse
suse
Security update for the Linux Kernel (important)
2015-01-16 14:05:04
Security update for Linux kernel (important)
2014-12-23 19:06:22
Security update for Linux kernel (important)
2014-12-24 08:08:49
f5
f5
K15912 : Linux kernel driver vulnerabilities CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646
2015-01-31 00:00:00
SOL15912 - Linux kernel driver vulnerabilities CVE-2014-3184, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646
2014-12-16 00:00:00
redhat
redhat
(RHSA-2014:1843) Important: kernel security and bug fix update
2014-11-11 00:00:00
(RHSA-2014:1724) Important: kernel security and bug fix update
2014-10-28 00:00:00
(RHSA-2015:0126) Critical: rhev-hypervisor6 security update
2015-02-04 00:00:00

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

31.6%

JSON
Related for RHSA-2015:0869
nessus42oraclelinux10centos3openvas52mageia6ubuntu7securityvulns4prion2cve2ubuntucve2debiancve2archlinux2debian2osv1fedora13suse7f52redhat4