Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-3647
HistoryOct 23, 2014 - 12:00 a.m.

CVE-2014-3647

2014-10-2300:00:00
ubuntu.com
ubuntu.com
37

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.0%

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through
3.17.2 does not properly perform RIP changes, which allows guest OS users
to cause a denial of service (guest OS crash) via a crafted application.
A guest user with access to I/O or MMIO region can use this flaw to crash the
guest.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted). Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31.
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlinux< 3.2.0-72.107UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-39.66UNKNOWN
ubuntu14.10noarchlinux< 3.16.0-24.32UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1641.59UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-39.66~precise1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1456.76UNKNOWN

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.0%