kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT Programmable Interval Timer emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host...

Updated kernel-rt packages fix security vulnerabilities

This kernel-rt update provides as upgrade to upstream 3.14 longterm branch, currently based on 3.14.32 and fixes the following security issues: The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types,...

CVE-2015-0592

The Zone-Based Firewall implementation in Cisco IOS 15.42T3 and earlier allows remote attackers to cause a denial of service device reload via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672...

Cross site scripting

The Zone-Based Firewall implementation in Cisco IOS 15.42T3 and earlier allows remote attackers to cause a denial of service device reload via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672...

CVE-2015-0592

The Zone-Based Firewall implementation in Cisco IOS 15.42T3 and earlier allows remote attackers to cause a denial of service device reload via crafted network traffic that triggers incorrect kernel-timer handling, aka Bug ID CSCuh25672...

CVE-2014-7250

The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service resource consumption via crafted packets...

BSD Operating Systems vulnerable to denial-of-service (DoS)

Overview BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Hiroki Takakura reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

JVN#07930208: BSD Operating Systems vulnerable to denial-of-service (DoS)

BSD operating systems contain an issue in the handling of the TCP session timer, which may lead to a denial-of-service DoS vulnerability. Impact When a sepcially crafted packet from a malicious server is received, a condition where client resources are not released may occur. As a result, clients...

kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT Programmable Interval Timer emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host...

DEBIAN-CVE-2014-3611

Race condition in the kvmmigratepittimer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service host OS crash by leveraging incorrect PIT emulation...

DEBIAN-CVE-2013-4527

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...

CVE-2013-4527

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...

CVE-2013-4527

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...

Ubuntu 14.10 : linux vulnerabilities (USN-2396-1)

Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...

Ubuntu: Security Advisory (USN-2394-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)

Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...

USN-2395-1 linux vulnerabilities

Nadav Amit reported that the KVM Kernel Virtual Machine mishandles noncanonical addresses when emulating instructions that change the rip Instruction Pointer. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service system crash of the guest. CVE-2014-3647 A flaw...

UBUNTU-CVE-2014-3611

Race condition in the kvmmigratepittimer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service host OS crash by leveraging incorrect PIT emulation. A local guest user with access to the PIT i/o ports could use...

PT-2014-5418 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.17.2 Description: A race condition in the kvm migrate pit timer function in the KVM subsystem allows guest OS users to cause a denial of service host OS crash by leveraging incorrect PIT emulation. A local gues...

qemu: hpet: buffer overrun on invalid state load

Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow remote attackers to execute arbitrary code via vectors related to the number of timers...