CVE-2014-3610 — MEDIUM (5.5)

Q: How severe is CVE-2014-3610?

CVE-2014-3610 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3610?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Opensuse Evergreen, Suse Suse Linux Enterprise Server.

Vulnerability Description

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.17.2
Canonical	Ubuntu Linux	10.04
Debian	Debian Linux	7.0
Opensuse	Evergreen	11.4
Suse	Suse Linux Enterprise Server	11

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0869.htmlThird Party Advisory
http://www.debian.org/security/2014/dsa-3060Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/10/24/9Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/70742Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2394-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2417-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2418-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2491-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1144883Issue TrackingPatchThird Party Advisory
https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b2ExploitPatchThird Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2014-3610?

CVE-2014-3610 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows gu...

How severe is CVE-2014-3610?

CVE-2014-3610 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3610?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Debian Debian Linux, Opensuse Evergreen, Suse Suse Linux Enterprise Server.