CVE-2014-8369

 

Published at: - 10-11-2014 12:55

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://bugzilla.redhat.com/show_bug.cgi?id=1156518
• [oss-security] 20141024 CVE-2014-8369 - Linux kernel iommu.c excessive unpinning-Mailing List, Patch, Third Party Advisory
• [linux-kernel] 20141024 [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path.-Exploit, Mailing List, Patch, Third Party Advisory
• https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
• 62326-Broken Link
• 70749-Third Party Advisory, VDB Entry
• 62336-Broken Link
• DSA-3093-Third Party Advisory
• SUSE-SU-2015:0481-Mailing List, Third Party Advisory
• RHSA-2015:0674-Third Party Advisory
• openSUSE-SU-2015:0566-Mailing List, Third Party Advisory
• 70747-Third Party Advisory, VDB Entry
• SUSE-SU-2015:0736-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2014-8369

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures