CVE-2014-0155

2014-04-1423:55:07

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

5.5

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:N/I:N/A:C

AI Score

6.2

Confidence

Low

EPSS

0.001

Percentile

39.4%

JSON

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 3.14.4-1linux_3.14.4-1_all.deb
Debian11alllinux< 3.14.4-1linux_3.14.4-1_all.deb
Debian999alllinux< 3.14.4-1linux_3.14.4-1_all.deb
Debian13alllinux< 3.14.4-1linux_3.14.4-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 3.14.4-1	linux_3.14.4-1_all.deb
Debian	11	all	linux	< 3.14.4-1	linux_3.14.4-1_all.deb
Debian	999	all	linux	< 3.14.4-1	linux_3.14.4-1_all.deb
Debian	13	all	linux	< 3.14.4-1	linux_3.14.4-1_all.deb