ALT-BU-2014-3084-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 3.17.2-alt1 for branch sisyphus in task 133747.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-3610
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
- SUSE-SU-2015:0481
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- openSUSE-SU-2015:0566
- RHSA-2015:0869
- RHSA-2015:0869
- DSA-3060
- DSA-3060
- [oss-security] 20141024 kvm issues
- [oss-security] 20141024 kvm issues
- 70742
- 70742
- USN-2394-1
- USN-2394-1
- USN-2417-1
- USN-2417-1
- USN-2418-1
- USN-2418-1
- USN-2491-1
- USN-2491-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1144883
- https://bugzilla.redhat.com/show_bug.cgi?id=1144883
- https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
- https://github.com/torvalds/linux/commit/854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
Modified: 2024-11-21
CVE-2014-3690
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a
- SUSE-SU-2015:0178
- SUSE-SU-2015:0178
- SUSE-SU-2015:0481
- SUSE-SU-2015:0481
- openSUSE-SU-2015:0566
- openSUSE-SU-2015:0566
- SUSE-SU-2015:0736
- SUSE-SU-2015:0736
- RHSA-2015:0290
- RHSA-2015:0290
- RHSA-2015:0782
- RHSA-2015:0782
- RHSA-2015:0864
- RHSA-2015:0864
- 60174
- 60174
- DSA-3060
- DSA-3060
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2
- MDVSA-2015:058
- MDVSA-2015:058
- [oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- [oss-security] 20141021 CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- [oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- [oss-security] 20141029 Re: CVE-2014-3690: KVM DoS triggerable by malicious host userspace
- 70691
- 70691
- USN-2417-1
- USN-2417-1
- USN-2418-1
- USN-2418-1
- USN-2419-1
- USN-2419-1
- USN-2420-1
- USN-2420-1
- USN-2421-1
- USN-2421-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1153322
- https://bugzilla.redhat.com/show_bug.cgi?id=1153322
- https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a
- https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a