CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping…

medium4.3CVSS 3.1

AVAACHAuSCNINAC

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	linux	< linux 3.16.7-ckt2-1 (bookworm)	linux 3.16.7-ckt2-1 (bookworm)
debian	linux	< linux 3.16.2-1 (bookworm)	linux 3.16.2-1 (bookworm)
linux	linux_kernel	<= 3.16.1	—
linux	linux_kernel	<= 3.17.2	—
linux	linux_kernel	—	—
linux	linux_kernel	>= 0 < 3.16.7-ckt2-1	3.16.7-ckt2-1
linux	linux_kernel	>= 0 < 3.16.2-1	3.16.2-1
linux	linux_kernel	>= 0 < 3.16.7-ckt2-1	3.16.7-ckt2-1
linux	linux_kernel	>= 0 < 3.16.2-1	3.16.2-1
linux	linux_kernel	>= 0 < 3.16.7-ckt2-1	3.16.7-ckt2-1
linux	linux_kernel	>= 0 < 3.16.2-1	3.16.2-1
linux	linux_kernel	>= 0 < 3.16.7-ckt2-1	3.16.7-ckt2-1
linux	linux_kernel	>= 0 < 3.16.2-1	3.16.2-1
linux	linux_kernel	>= 0 < 3.13.0-36.63	3.13.0-36.63
opensuse	evergreen	—	—
suse	linux_enterprise_real_time_extension	—	—
suse	linux_enterprise_real_time_extension	—	—
suse	linux_enterprise_server	—	—
suse	suse_linux_enterprise_server	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

nvd4.3MEDIUMAV:A/AC:H/Au:S/C:N/I:N/A:C

osv4.3MEDIUM