The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160829.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/161144.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
http://www.debian.org/security/2015/dsa-3329
http://www.openwall.com/lists/oss-security/2015/06/21/1
http://www.securityfocus.com/bid/75142
http://www.securitytracker.com/id/1032798
http://www.ubuntu.com/usn/USN-2680-1
http://www.ubuntu.com/usn/USN-2681-1
http://www.ubuntu.com/usn/USN-2682-1
http://www.ubuntu.com/usn/USN-2683-1
http://www.ubuntu.com/usn/USN-2684-1
https://bugzilla.redhat.com/show_bug.cgi?id=1230770
https://github.com/torvalds/linux/commit/ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009
Source: MITRE
Published: 2015-07-27
Updated: 2017-09-22
Type: NVD-CWE-Other
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.1.3 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124988 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535) | Nessus | Huawei Local Security Checks | high |
124811 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487) | Nessus | Huawei Local Security Checks | high |
88545 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) | Nessus | SuSE Local Security Checks | critical |
85432 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-543) | Nessus | SuSE Local Security Checks | high |
85281 | Debian DSA-3329-1 : linux - security update | Nessus | Debian Local Security Checks | high |
85180 | SUSE SLED12 / SLES12 Security Update : SUSE Linux Enterprise 12 kernel (SUSE-SU-2015:1324-1) | Nessus | SuSE Local Security Checks | high |
84986 | Ubuntu 14.10 : Linux kernel vulnerabilities (USN-2685-1) | Nessus | Ubuntu Local Security Checks | high |
84985 | Ubuntu 15.04 : linux vulnerabilities (USN-2684-1) | Nessus | Ubuntu Local Security Checks | high |
84984 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2683-1) | Nessus | Ubuntu Local Security Checks | high |
84983 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2682-1) | Nessus | Ubuntu Local Security Checks | high |
84982 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2681-1) | Nessus | Ubuntu Local Security Checks | high |
84981 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2680-1) | Nessus | Ubuntu Local Security Checks | high |
84480 | Fedora 21 : kernel-4.0.6-200.fc21 (2015-10678) | Nessus | Fedora Local Security Checks | medium |
84437 | Fedora 22 : kernel-4.0.6-300.fc22 (2015-10677) | Nessus | Fedora Local Security Checks | medium |