CVE - CVE-2014-8369

CVE-ID
CVE-2014-8369	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:70747 URL:http://www.securityfocus.com/bid/70747 BID:70749 URL:http://www.securityfocus.com/bid/70749 CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1156518 CONFIRM:https://github.com/torvalds/linux/commit/3d32e4dbe71374a6780eaf51d719d76f9a9bf22f DEBIAN:DSA-3093 URL:http://www.debian.org/security/2014/dsa-3093 MLIST:[linux-kernel] 20141024 [PATCH 13/14] kvm: fix excessive pages un-pinning in kvm_iommu_map error path. URL:https://lkml.org/lkml/2014/10/24/460 MLIST:[oss-security] 20141024 CVE-2014-8369 - Linux kernel iommu.c excessive unpinning URL:http://www.openwall.com/lists/oss-security/2014/10/24/7 REDHAT:RHSA-2015:0674 URL:http://rhn.redhat.com/errata/RHSA-2015-0674.html SECUNIA:62326 URL:http://secunia.com/advisories/62326 SECUNIA:62336 URL:http://secunia.com/advisories/62336 SUSE:SUSE-SU-2015:0481 URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html SUSE:SUSE-SU-2015:0736 URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html SUSE:openSUSE-SU-2015:0566 URL:http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Assigning CNA
MITRE Corporation
Date Record Created
20141021	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20141021)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)