CVE-2014-8134: Kernel vulnerability

20 documents, 9 sources
Severity: 3.3 LOW (NVD)
EPSS: 0.1% (top 77.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 12, latest update May 13

Description

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages: 6 packages

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

Patches

🔴 Vulnerability Details (7)

GHSA
GHSA-m3qc-7rv2-p8pm: The paravirt_ops_setup function in arch/x86/kernel/kvm (2022-05-13)
OSV
linux-lts-utopic regression (2014-12-19)
OSV
CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm (2014-12-12)
CVEList
CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm (2014-12-12)
OSV
linux vulnerabilities (2014-12-12)

📋 Vendor Advisories (10)

Ubuntu
Linux kernel (OMAP4) vulnerabilities (2015-01-13)
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities (2014-12-12)
Ubuntu
Linux kernel vulnerabilities (2014-12-12)
Ubuntu
Linux kernel vulnerabilities (2014-12-12)
Ubuntu
Linux kernel (EC2) vulnerabilities (2014-12-12)

💬 Community (2)

Bugzilla
CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests [fedora-all] (2014-12-10)
Bugzilla
CVE-2014-8134 kernel: x86: espfix not working for 32-bit KVM paravirt guests (2014-12-10)