7.4 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
0.003 Low
EPSS
Percentile
65.5%
Buffer overflow in the complete_emulated_mmio function in
arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users
to execute arbitrary code on the host OS by leveraging a loop that triggers
an invalid memory copy affecting certain cancel_work_item data.
Author | Note |
---|---|
jdstrand | android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.10 | noarch | linux | < 3.5.0-49.73 | UNKNOWN |
ubuntu | 13.10 | noarch | linux | < 3.11.0-20.34 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-armadaxp | < 3.5.0-1630.39 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-quantal | < 3.5.0-49.73~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-raring | < 3.8.0-39.57~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-saucy | < 3.11.0-20.34~precise1 | UNKNOWN |
ubuntu | 12.10 | noarch | linux-ti-omap4 | < 3.5.0-241.57 | UNKNOWN |
ubuntu | 13.10 | noarch | linux-ti-omap4 | < 3.5.0-241.57 | UNKNOWN |
seclists.org/oss-sec/2014/q1/468
launchpad.net/bugs/cve/CVE-2014-0049
nvd.nist.gov/vuln/detail/CVE-2014-0049
security-tracker.debian.org/tracker/CVE-2014-0049
ubuntu.com/security/notices/USN-2175-1
ubuntu.com/security/notices/USN-2176-1
ubuntu.com/security/notices/USN-2177-1
ubuntu.com/security/notices/USN-2178-1
ubuntu.com/security/notices/USN-2179-1
ubuntu.com/security/notices/USN-2180-1
ubuntu.com/security/notices/USN-2181-1
www.cve.org/CVERecord?id=CVE-2014-0049