CVE-2014-3610

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://rhn.redhat.com/errata/RHSA-2015-0869.html

http://www.debian.org/security/2014/dsa-3060

http://www.openwall.com/lists/oss-security/2014/10/24/9

http://www.securityfocus.com/bid/70742

http://www.ubuntu.com/usn/USN-2394-1

http://www.ubuntu.com/usn/USN-2417-1

http://www.ubuntu.com/usn/USN-2418-1

http://www.ubuntu.com/usn/USN-2491-1

https://bugzilla.redhat.com/show_bug.cgi?id=1144883

https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23

Details

Source: MITRE

Published: 2014-11-10

Updated: 2020-08-13

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
127146NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)NessusNewStart CGSL Local Security Checks
critical
124810EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1486)NessusHuawei Local Security Checks
high
124804EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)NessusHuawei Local Security Checks
high
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
85097Oracle Linux 6 : kernel (ELSA-2015-1272)NessusOracle Linux Local Security Checks
high
83696SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)NessusSuSE Local Security Checks
high
83665SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0068-1)NessusSuSE Local Security Checks
high
83029Scientific Linux Security Update : kvm on SL5.x x86_64 (20150422)NessusScientific Linux Local Security Checks
medium
83027RHEL 5 : kvm (RHSA-2015:0869)NessusRed Hat Local Security Checks
medium
83026Oracle Linux 5 : kvm (ELSA-2015-0869)NessusOracle Linux Local Security Checks
medium
83001CentOS 5 : kvm (CESA-2015:0869)NessusCentOS Local Security Checks
medium
82691OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)NessusOracleVM Local Security Checks
high
81966Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)NessusOracle Linux Local Security Checks
high
81164Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2491-1)NessusUbuntu Local Security Checks
high
80510Ubuntu 10.04 LTS : linux vulnerabilities (USN-2462-1)NessusUbuntu Local Security Checks
medium
80250SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 10103)NessusSuSE Local Security Checks
high
80249SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 10037 / 10040)NessusSuSE Local Security Checks
high
79610Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)NessusMandriva Local Security Checks
high
79433Ubuntu 12.04 LTS : linux vulnerabilities (USN-2417-1)NessusUbuntu Local Security Checks
high
79258Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068)NessusFedora Local Security Checks
high
78821Ubuntu 14.10 : linux vulnerabilities (USN-2396-1)NessusUbuntu Local Security Checks
medium
78814Fedora 21 : kernel-3.17.2-300.fc21 (2014-14126)NessusFedora Local Security Checks
high
78784Debian DSA-3060-1 : linux - security updateNessusDebian Local Security Checks
high
78765Ubuntu 14.04 LTS : linux vulnerabilities (USN-2395-1)NessusUbuntu Local Security Checks
medium
78764Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2394-1)NessusUbuntu Local Security Checks
medium
78716Fedora 20 : kernel-3.16.6-203.fc20 (2014-13773)NessusFedora Local Security Checks
medium