Red Hat, Inc. (AV:A/AC:L/Au:S/C:N/I:N/A:C)

It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host.

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

https://access.redhat.com/errata/RHSA-2015:0869 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2014-3610 [No Types Assigned]

Red Hat, Inc. (AV:A/AC:L/Au:S/C:N/I:N/A:C)

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

It was found that KVM's Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host.

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2015:0869 [No Types Assigned]

https://access.redhat.com/security/cve/CVE-2014-3610 [No Types Assigned]

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 [Exploit, Mailing List, Patch, Vendor Advisory]

OR
     *cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

OR
     *cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
     *cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp2:*:*:ltss:*:*:*

OR
     *cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*
  

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 3.17.2

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NIST NVD-CWE-noinfo

NIST CWE-264

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 No Types Assigned

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 Exploit, Mailing List, Patch, Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html Mailing List, Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0869.html No Types Assigned

http://rhn.redhat.com/errata/RHSA-2015-0869.html Third Party Advisory

http://www.debian.org/security/2014/dsa-3060 No Types Assigned

http://www.debian.org/security/2014/dsa-3060 Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/10/24/9 No Types Assigned

http://www.openwall.com/lists/oss-security/2014/10/24/9 Mailing List, Patch, Third Party Advisory

http://www.securityfocus.com/bid/70742 No Types Assigned

http://www.securityfocus.com/bid/70742 Third Party Advisory, VDB Entry

http://www.ubuntu.com/usn/USN-2394-1 No Types Assigned

http://www.ubuntu.com/usn/USN-2394-1 Third Party Advisory

http://www.ubuntu.com/usn/USN-2417-1 No Types Assigned

http://www.ubuntu.com/usn/USN-2417-1 Third Party Advisory

http://www.ubuntu.com/usn/USN-2418-1 No Types Assigned

http://www.ubuntu.com/usn/USN-2418-1 Third Party Advisory

http://www.ubuntu.com/usn/USN-2491-1 No Types Assigned

http://www.ubuntu.com/usn/USN-2491-1 Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1144883 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=1144883 Issue Tracking, Patch, Third Party Advisory

https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 Exploit

https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23 Exploit, Patch, Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0869.html [No Types Assigned]

http://www.securityfocus.com/bid/70742 [No Types Assigned]

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html

http://www.ubuntu.com/usn/USN-2491-1

http://www.debian.org/security/2014/dsa-3060

http://www.ubuntu.com/usn/USN-2417-1

http://www.ubuntu.com/usn/USN-2418-1

http://www.ubuntu.com/usn/USN-2394-1