Vigil@nce - Linux kernel: multiple vulnerabilities of KVM
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in KVM in the Linux
kernel.
Impacted products: Debian, Linux, RHEL, Ubuntu
Severity: 2/4
Creation date: 27/10/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities have been announced in KVM.
A privileged attacker in a guest system can use the WRMSR machine
instruction to trigger a denial of service.
[severity:1/4; CVE-2014-3610]
An attacker in a guest system can exploit a race condition to
trigger a denial of service. [severity:2/4; CVE-2014-3611]
An attacker in a guest system can use the INVEPT instruction to
interrupt the virtual machine and so trigger a denial of
service. [severity:1/4; CVE-2014-3645]
An attacker in a guest system can use the INVVPID instruction to
interrupt the virtual machine and so trigger a denial of
service. [severity:1/4; CVE-2014-3646]
An attacker in a guest system can use jumps to non-canonical
addresses to disturb the virtual machine and so trigger a
denial of service. [severity:2/4; CVE-2014-3647]
The vulnerability described in bulletin VIGILANCE-VUL-15255
was not correctly fixed by the previous patches
(VIGILANCE-SOL-36337), so it remains exploitable.
[severity:1/4; CVE-2014-3601, CVE-2014-8369]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-multiple-vulnerabilities-of-KVM-15541