CVE-2014-8134LOW
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.
References
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8134.html
http://rhn.redhat.com/errata/RHSA-2016-0855.html
http://secunia.com/advisories/62336
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/71650
http://www.spinics.net/lists/kvm/msg111458.html
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1400314
https://bugzilla.novell.com/show_bug.cgi?id=909078
https://bugzilla.redhat.com/show_bug.cgi?id=1172765
https://support.f5.com/csp/article/K17120
https://support.f5.com/csp/article/K17120?utm_source=f5support&utm_medium=RSS
Details
Source: MITRE
Published: 2014-12-12
Updated: 2020-08-14
Type: NVD-CWE-noinfo
Risk Information
CVSS v2
Base Score: 1.9
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 3.4
Severity: LOW
CVSS v3
Base Score: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 1.8
Severity: LOW
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 3.18 (inclusive)
Configuration 2
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Configuration 3
OR
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Configuration 4
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124980 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527) | Nessus | Huawei Local Security Checks | critical |
| 99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
| 91643 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510) | Nessus | Scientific Linux Local Security Checks | high |
| 91210 | Oracle Linux 6 : kernel (ELSA-2016-0855) | Nessus | Oracle Linux Local Security Checks | high |
| 91170 | CentOS 6 : kernel (CESA-2016:0855) | Nessus | CentOS Local Security Checks | high |
| 91077 | RHEL 6 : kernel (RHSA-2016:0855) | Nessus | Red Hat Local Security Checks | high |
| 83696 | SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1) | Nessus | SuSE Local Security Checks | high |
| 82756 | openSUSE Security Update : Linux Kernel (openSUSE-2015-302) | Nessus | SuSE Local Security Checks | critical |
| 82755 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) | Nessus | SuSE Local Security Checks | high |
| 82691 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0040) | Nessus | OracleVM Local Security Checks | high |
| 82138 | Debian DLA-155-1 : linux-2.6 security update | Nessus | Debian Local Security Checks | critical |
| 82020 | SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416) | Nessus | SuSE Local Security Checks | high |
| 81966 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012) | Nessus | Oracle Linux Local Security Checks | high |
| 80376 | Fedora 19 : kernel-3.14.27-100.fc19 (2014-17244) | Nessus | Fedora Local Security Checks | medium |
| 80168 | Ubuntu 14.10 : linux regression (USN-2448-2) | Nessus | Ubuntu Local Security Checks | high |
| 80167 | Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2447-2) | Nessus | Ubuntu Local Security Checks | high |
| 80146 | Fedora 21 : kernel-3.17.7-300.fc21 (2014-17293) | Nessus | Fedora Local Security Checks | medium |
| 80145 | Fedora 20 : kernel-3.17.7-200.fc20 (2014-17283) | Nessus | Fedora Local Security Checks | medium |
| 80034 | Ubuntu 14.10 : linux vulnerabilities (USN-2448-1) | Nessus | Ubuntu Local Security Checks | high |
| 80033 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2447-1) | Nessus | Ubuntu Local Security Checks | high |
| 80032 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2446-1) | Nessus | Ubuntu Local Security Checks | high |
| 80031 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2445-1) | Nessus | Ubuntu Local Security Checks | high |
| 80030 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2443-1) | Nessus | Ubuntu Local Security Checks | high |
| 80029 | Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2442-1) | Nessus | Ubuntu Local Security Checks | high |
| 80028 | Ubuntu 10.04 LTS : linux vulnerabilities (USN-2441-1) | Nessus | Ubuntu Local Security Checks | high |