4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.7%
Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS crash)
by leveraging incorrect PIT emulation.
A local guest user with access to the PIT i/o ports could use this flaw to
crash the host.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support CVE disclosure was part of miscoordinated CRD (various (incomplete) commits were publicly leaked by other vendors and upstream before the embargo was lifted). Updates for linux on Ubuntu 14.04 LTS were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux-lts-trusty on Ubuntu 12.04 LTS were made available to users on 2014/10/29 but due to a process error, USN publication did not happen until 2014/10/30. Updates for linux on Ubuntu 14.10 were made available to users on 2014/10/28 but due to a process error, USN publication did not happen until 2014/10/31. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | linux | < 2.6.32-71.138 | UNKNOWN |
ubuntu | 12.04 | noarch | linux | < 3.2.0-72.107 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-39.66 | UNKNOWN |
ubuntu | 14.10 | noarch | linux | < 3.16.0-24.32 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1641.59 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-375.92 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-39.66~precise1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1456.76 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2014-3611
nvd.nist.gov/vuln/detail/CVE-2014-3611
security-tracker.debian.org/tracker/CVE-2014-3611
ubuntu.com/security/notices/USN-2394-1
ubuntu.com/security/notices/USN-2395-1
ubuntu.com/security/notices/USN-2396-1
ubuntu.com/security/notices/USN-2417-1
ubuntu.com/security/notices/USN-2418-1
ubuntu.com/security/notices/USN-2462-1
ubuntu.com/security/notices/USN-2491-1
www.cve.org/CVERecord?id=CVE-2014-3611
4.7 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
26.7%