linux: local denial of service, privilege escalation

CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem
in the Linux kernel does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

CVE-2014-3611: Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel allows
guest OS users to cause a denial of service (host OS crash) by
leveraging incorrect PIT emulation.

CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
kernel does not have an exit handler for the INVVPID instruction, which
allows guest OS users to cause a denial of service (guest OS crash) via
a crafted application.

CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
kernel does not properly perform RIP changes, which allows guest OS
users to cause a denial of service (guest OS crash) via a crafted
application.

CVE-2014-7825: kernel/trace/trace_syscalls.c in the Linux kernel does
not properly handle private syscall numbers during use of the perf
subsystem, which allows local users to cause a denial of service
(out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
via a crafted application.

CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does not properly handle private syscall numbers during use of
the ftrace subsystem, which allows local users to gain privileges or
cause a denial of service (invalid pointer dereference) via a crafted
application.

CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in
the Linux kernel miscalculates the number of pages during the handling
of a mapping failure, which allows guest OS users to cause a denial of
service (host OS page unpinning) or possibly have unspecified other
impact by leveraging guest OS privileges. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2014-3601.

CVE-2014-8480: The instruction decoder in arch/x86/kvm/emulate.c in the
KVM subsystem in the Linux kernel lacks intended decoder-table flags for
certain RIP-relative instructions, which allows guest OS users to cause
a denial of service (NULL pointer dereference and host OS crash) via a
crafted application.

CVE-2014-8481: The instruction decoder in arch/x86/kvm/emulate.c in the
KVM subsystem in the Linux kernel does not properly handle invalid
instructions, which allows guest OS users to cause a denial of service
(NULL pointer dereference and host OS crash) via a crafted application
that triggers (1) an improperly fetched instruction or (2) an
instruction that occupies too many bytes. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2014-8480.