CVE-2014-3610 — Uncaught Exception in Kernel
Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 84.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 10
Latest update: May 13
Description
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 5 packages
Also affects: Ubuntu Linux 10.04, 12.04, Debian Linux 7.0
Patches
Vulnerability Details (5)
GHSA
GHSA-f8g7-wvf8-qh5r: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3 (2022-05-13)
CVEList
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3 (2014-11-10)
OSV
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3 (2014-11-10)
OSV
CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3 (2014-10-23)