Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3690

Опубликовано: 10 нояб. 2014
Источник: nvd
CVSS3: 5.5
CVSS2: 4.9
EPSS Низкий

Описание

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия до 3.17.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:*:*:*:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2014-3690

CVSS3: 5.5
ubuntu
больше 10 лет назад

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

redhat логотип

CVE-2014-3690

redhat
больше 10 лет назад

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

debian логотип

CVE-2014-3690

CVSS3: 5.5
debian
больше 10 лет назад

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.1 ...

github логотип

GHSA-647r-22pp-rpp3

CVSS3: 5.5
github
около 3 лет назад

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

oracle-oval логотип

ELSA-2015-0864

oracle-oval
около 10 лет назад

ELSA-2015-0864: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 4%
0.00022
Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-400