ALT-PU-2014-1347-1
Package kernel-src-kvm updated to version 3.10.21-alt6 for branch t7 in task 116883.
Closed vulnerabilities
Published: 2014-03-11
BDU:2014-00055
Уязвимость операционной системы Linux, позволяющая злоумышленнику вызвать отказ в обслуживании, повысить свои привилегии или выполнить произвольный код
Severity: HIGH (7.4)
References:
Published: 2014-03-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0049
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.
Severity: HIGH (7.4)
References:
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a08d3b3b99efd509133946056531cdf8f3a0c09b
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6
- [oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access
- [oss-security] 20140303 CVE-2014-0049 -- Linux kernel: kvm: mmio_fragments out-of-the-bounds access
- https://bugzilla.redhat.com/show_bug.cgi?id=1062368
- https://bugzilla.redhat.com/show_bug.cgi?id=1062368
- https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b
- https://github.com/torvalds/linux/commit/a08d3b3b99efd509133946056531cdf8f3a0c09b