5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%
A flaw was discovered in how the Linux kernel’s KVM (Kernel Virtual
Machine) subsystem handles the CR4 control register at VM entry on Intel
processors. A local host OS user can exploit this to cause a denial of
service (kill arbitrary processes, or system disruption) by leveraging
/dev/kvm access. (CVE-2014-3690)
Don Bailey discovered a flaw in the LZO decompress algorithm used by the
Linux kernel. An attacker could exploit this flaw to cause a denial of
service (memory corruption or OOPS). (CVE-2014-4608)
Andy Lutomirski discovered a flaw in how the Linux kernel handles
pivot_root when used with a chroot directory. A local user could exploit
this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)
Andy Lutomirski discovered that the Linux kernel was not checking the
CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could
exploit this flaw to cause a denial of service (loss of writability).
(CVE-2014-7975)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | linux-image-3.13.0-40-generic | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | block-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | crypto-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | fat-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | fb-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | firewire-core-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | floppy-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-core-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | fs-secondary-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
Ubuntu | 14.04 | noarch | input-modules-3.13.0-40-generic-di | < 3.13.0-40.69 | UNKNOWN |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.4%