CVE-2014-3601

2014-09-0101:55:18

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:H/Au:S/C:N/I:N/A:C

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

61.1%

JSON

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

Affected configurations

Nvd

Node

suselinux_enterprise_real_time_extensionMatch11.0sp3

opensuseevergreenMatch11.4

suselinux_enterprise_serverMatch11sp2ltss

susesuse_linux_enterprise_serverMatch11

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

Node

linuxlinux_kernelRange≤3.16.1

linuxlinux_kernelMatch3.16.0

VendorProductVersionCPE
suselinux_enterprise_real_time_extension11.0cpe:2.3:a:suse:linux_enterprise_real_time_extension:11.0:sp3:*:*:*:*:*:*
opensuseevergreen11.4cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel3.16.0cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
suse	linux_enterprise_real_time_extension	11.0	cpe:2.3:a:suse:linux_enterprise_real_time_extension:11.0:sp3::::::
opensuse	evergreen	11.4	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp2:::ltss:::*
suse	suse_linux_enterprise_server	11	cpe:2.3:o:suse:suse_linux_enterprise_server:11:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	3.16.0	cpe:2.3:o:linux:linux_kernel:3.16.0:::::::*