Arch Linux Security Advisory ASA-201411-15
=========================================
Severity: Medium
Date    : 2014-11-17
CVE-ID  : CVE-2014-3610, CVE-2014-3611, CVE-2014-3646, CVE-2014-3647,
CVE-2014-7825, CVE-2014-7826, CVE-2014-8369
Package : linux-lts
Type    : local denial of service, privilege escalation
Remote  : No
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package linux-lts before version 3.14.24-1 is vulnerable to local
denial service and privilege escalation via various issues.

Resolution
=========
Upgrade to 3.14.24-1.

# pacman -Syu "linux-lts>=3.14.24-1"

The problem has been fixed upstream in version 3.14.24.

Workaround
=========
None.

Description
==========
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem
in the Linux kernel does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

CVE-2014-3611: Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel allows
guest OS users to cause a denial of service (host OS crash) by
leveraging incorrect PIT emulation.

CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux
kernel does not have an exit handler for the INVVPID instruction, which
allows guest OS users to cause a denial of service (guest OS crash) via
a crafted application.

CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux
kernel does not properly perform RIP changes, which allows guest OS
users to cause a denial of service (guest OS crash) via a crafted
application.

CVE-2014-7825: kernel/trace/trace_syscalls.c in the Linux kernel does
not properly handle private syscall numbers during use of the perf
subsystem, which allows local users to cause a denial of service
(out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
via a crafted application.

CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does not properly handle private syscall numbers during use of
the ftrace subsystem, which allows local users to gain privileges or
cause a denial of service (invalid pointer dereference) via a crafted
application.

CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in
the Linux kernel miscalculates the number of pages during the handling
of a mapping failure, which allows guest OS users to cause a denial of
service (host OS page unpinning) or possibly have unspecified other
impact by leveraging guest OS privileges. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2014-3601.

Impact
=====
A local OS user may be able to cause a kernel crash in various ways, or
escalate privileges.

References
=========
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3610
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3611
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3646
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3647
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7825
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7826
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8369

ArchLinux: 201411-15: linux-lts: local denial of service, privilege escalation

November 17, 2014

Summary

CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c. CVE-2014-3611: Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.
CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.
CVE-2014-7825: kernel/trace/trace_syscalls.c in the Linux kernel does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.

Resolution

Upgrade to 3.14.24-1. # pacman -Syu "linux-lts>=3.14.24-1"
The problem has been fixed upstream in version 3.14.24.

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3610 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3611 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3646 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3647 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7825 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7826 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8369

Severity
CVE-2014-7825, CVE-2014-7826, CVE-2014-8369
Package : linux-lts
Type : local denial of service, privilege escalation
Remote : No
Link : https://wiki.archlinux.org/title/CVE-2014

Workaround

None.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved