Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-3610
HistoryOct 23, 2014 - 12:00 a.m.

CVE-2014-3610

2014-10-2300:00:00
ubuntu.com
ubuntu.com
30
linux kernel
kvm subsystem
denial of service
model-specific register
guest os privileges
host os crash

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.2%

The WRMSR processing functionality in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly handle the writing of a non-canonical
address to a model-specific register, which allows guest OS users to cause
a denial of service (host OS crash) by leveraging guest OS privileges,
related to the wrmsr_interception function in arch/x86/kvm/svm.c and the
handle_wrmsr function in arch/x86/kvm/vmx.c.
A privileged guest user can use this flaw to crash the host.
Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue
because wrmsrl() ends up invoking safe msr write variant.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted). Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31.
henrix According to http://seclists.org/oss-sec/2014/q4/438 a second commit is required; however, commit 8b3c3104c3f4f706e99365c3e0d2aa61b95f969f is just a ‘nice to have’, but not really fixing this CVE.

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.2%