SB2014102503 - Fedora 21 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014102503

SB2014102503 - Fedora 21 update for kernel

Published: October 25, 2014 Updated: April 24, 2025

Security Bulletin ID SB2014102503
Severity
Medium
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 70% Low 30%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-3646)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.


2) Race condition (CVE-ID: CVE-2014-3611)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-3610)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.


4) Resource management error (CVE-ID: CVE-2014-3673)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.


5) Resource management error (CVE-ID: CVE-2014-3690)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.


6) Resource management error (CVE-ID: CVE-2014-3687)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.


7) Resource management error (CVE-ID: CVE-2014-3688)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.


8) Input validation error (CVE-ID: CVE-2014-8369)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.


9) NULL pointer dereference (CVE-ID: CVE-2014-8480)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the I() function in arch/x86/kvm/emulate.c. A local user can perform a denial of service (DoS) attack.


10) NULL pointer dereference (CVE-ID: CVE-2014-8481)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the decode_operand() function in arch/x86/kvm/emulate.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References