CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS2: 4.9 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.0005 Low (Percentile: 17.5%)

The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1
before 3.1.0.2 allows guest OS users to cause a denial of service (host OS
infinite loop and hang) via unspecified vectors.
Author | Note |
---|---|
seth-arnold | I haven’t determined if this CVE is specific to IBM’s PowerKVM Linux distribution or if this is an issue in the Linux kernel. |
sbeattie | It sounds possibly like this might be a PowerKVM “rebrand” of CVE-2016-5412. One of the two commits to address that was 93d17397e4e2182fdaad503e2f9da46202c0f1c3, which fixed a similar failure condition: a guest could trigger a host CPU to spin forever with interrupts disabled. Furthermore, the IBM xforce vulnerability page notes that the issue was reported on July 22, 2016, which also happens to be the exact date of the aforementioned git commit. Looks like this is actually ccec44563b18a0ce90e2d4f332784b3cb25c8e9c |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-59.65~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-xenial | < 4.4.0-15.31~14.04.1 | UNKNOWN |
www.securityfocus.com/bid/92123/info
exchange.xforce.ibmcloud.com/vulnerabilities/114706
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccec44563b18a0ce90e2d4f332784b3cb25c8e9c
launchpad.net/bugs/cve/CVE-2016-3044
nvd.nist.gov/vuln/detail/CVE-2016-3044
security-tracker.debian.org/tracker/CVE-2016-3044
www-01.ibm.com/support/docview.wss?uid=isg3T1023969
www.cve.org/CVERecord?id=CVE-2016-3044