CVE-2014-3646

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-3646
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.7 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0126.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0284.html Third Party Advisory
http://www.debian.org/security/2014/dsa-3060 Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/24/9 Mailing List Patch Third Party Advisory
http://www.ubuntu.com/usn/USN-2394-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2417-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2418-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1144825 Issue Tracking Patch Third Party Advisory
https://github.com/torvalds/linux/commit/a642fc305053cc1c6e47e4f4df327895747ab485 Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
History

13 Feb 2023, 00:41

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2014-3646', 'name': 'https://access.redhat.com/security/cve/CVE-2014-3646', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:1724', 'name': 'https://access.redhat.com/errata/RHSA-2014:1724', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0284', 'name': 'https://access.redhat.com/errata/RHSA-2015:0284', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:0126', 'name': 'https://access.redhat.com/errata/RHSA-2015:0126', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2014:1843', 'name': 'https://access.redhat.com/errata/RHSA-2014:1843', 'tags': [], 'refsource': 'MISC'}
Summary It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest. arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

02 Feb 2023, 15:16

Type Values Removed Values Added
Summary arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest.
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a642fc305053cc1c6e47e4f4df327895747ab485', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a642fc305053cc1c6e47e4f4df327895747ab485', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'}
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-3646 -
  • (MISC) https://access.redhat.com/errata/RHSA-2014:1724 -
  • (MISC) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a642fc305053cc1c6e47e4f4df327895747ab485 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0284 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0126 -
  • (MISC) https://access.redhat.com/errata/RHSA-2014:1843 -
Information

Published : 2014-11-10 11:55

Updated : 2023-12-10 11:31

NVD link : CVE-2014-3646

Mitre link : CVE-2014-3646

CVE.ORG link : CVE-2014-3646

JSON object : View

Products Affected

opensuse

  • evergreen

debian

  • debian_linux

redhat

  • enterprise_linux

suse

  • suse_linux_enterprise_server

linux

  • linux_kernel

canonical

  • ubuntu_linux
CWE
NVD-CWE-noinfo