Source: ubuntucve (Ubuntu.com), ID: UB:CVE-2014-3610
Oct 23, 2014 - 12:00 a.m.

CVE-2014-3610


CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4.9 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.001 Low
Percentile: 32.5%

The WRMSR processing functionality in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly handle the writing of a non-canonical
address to a model-specific register, which allows guest OS users to cause
a denial of service (host OS crash) by leveraging guest OS privileges,
related to the wrmsr_interception function in arch/x86/kvm/svm.c and the
handle_wrmsr function in arch/x86/kvm/vmx.c.

A privileged guest user can use this flaw to crash the host.

Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue
because wrmsrl() ends up invoking the safe MSR write variant.

Notes

Author: Note
jdstrand: android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels
jdstrand: linux-lts-saucy no longer receives official support
jdstrand: linux-lts-quantal no longer receives official support
jdstrand: CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted).
jdstrand: Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30.
jdstrand: Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30.
jdstrand: Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31.
henrix: According to http://seclists.org/oss-sec/2014/q4/438 a second commit is required; however, commit 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f is just a ‘nice to have’, but not really fixing this CVE.

Affected packages

OS      OS Version  Architecture  Package           Package Version            Filename
ubuntu  10.04       noarch        linux             < 2.6.32-71.138            UNKNOWN
ubuntu  12.04       noarch        linux             < 3.2.0-72.107             UNKNOWN
ubuntu  14.04       noarch        linux             < 3.13.0-39.66             UNKNOWN
ubuntu  14.10       noarch        linux             < 3.16.0-24.32             UNKNOWN
ubuntu  12.04       noarch        linux-armadaxp    < 3.2.0-1641.59            UNKNOWN
ubuntu  10.04       noarch        linux-ec2         < 2.6.32-375.92            UNKNOWN
ubuntu  12.04       noarch        linux-lts-trusty  < 3.13.0-39.66~precise1    UNKNOWN
ubuntu  12.04       noarch        linux-ti-omap4    < 3.2.0-1456.76            UNKNOWN
