CVE-2014-3601

CWE-18918 documents9 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 43.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linux Linux KernelCanonical Ubuntu LinuxOpensuse Evergreen+3 more
Timeline
PublishedSep 1
Latest updateMay 14

Description

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

CVSS vector

AV:A/AC:H/C:N/I:N/A:CExploitability: 2.5 | Impact: 6.9

Affected Packages7 packages

NVDlinux/linux_kernel3.16.1+1
Debianlinux< 3.16.2-1+3
Ubuntulinux< 3.13.0-36.63

Also affects: Ubuntu Linux 12.04, 14.04

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

7
GHSA
GHSA-58c4-c7v3-ccxc: The kvm_iommu_map_pages function in virt/kvm/iommu2022-05-14
Kernel
kvm: fix excessive pages un-pinning in kvm_iommu_map error path.2014-10-17
OSV
linux vulnerabilities2014-09-23
OSV
CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu2014-09-01
CVEList
CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu2014-09-01

📋Vendor Advisories

7
Red Hat
kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path2014-10-24
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2014-09-23
Ubuntu
Linux kernel vulnerabilities2014-09-23
Ubuntu
Linux kernel vulnerabilities2014-09-23
Ubuntu
Linux kernel (OMAP4) vulnerabilities2014-09-23

💬Community

3
Bugzilla
CVE-2014-8369 kernel: kvm: excessive pages un-pinning in kvm_iommu_map error path2014-10-24
Bugzilla
CVE-2014-3601 kernel: kvm: invalid parameter passing in kvm_iommu_map_pages() [fedora-all]2014-09-19
Bugzilla
CVE-2014-3601 kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()2014-08-20