CVE-2014-3611

2014-10-2300:00:00

ubuntu.com

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.9%

JSON

Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS crash)
by leveraging incorrect PIT emulation.
A local guest user with access to the PIT i/o ports could use this flaw to
crash the host.

Bugs

<https://launchpad.net/bugs/1384540>

Notes

Author	Note
jdstrand	android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted). Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31.

Author

Note

jdstrand

android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted). Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-71.138UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-72.107UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-39.66UNKNOWN
ubuntu14.10noarchlinux< 3.16.0-24.32UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1641.59UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-375.92UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-39.66~precise1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1456.76UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-71.138	UNKNOWN
ubuntu	12.04	noarch	linux	< 3.2.0-72.107	UNKNOWN
ubuntu	14.04	noarch	linux	< 3.13.0-39.66	UNKNOWN
ubuntu	14.10	noarch	linux	< 3.16.0-24.32	UNKNOWN
ubuntu	12.04	noarch	linux-armadaxp	< 3.2.0-1641.59	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-375.92	UNKNOWN
ubuntu	12.04	noarch	linux-lts-trusty	< 3.13.0-39.66~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-ti-omap4	< 3.2.0-1456.76	UNKNOWN