Vulnerability DatabaseCVE-2014-3690
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-3690
November 10, 2014
arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.
Related Resources (25)
http://rhn.redhat.com/errata/RHSA-2015-0290.html
https://access.redhat.com/security/cve/CVE-2014-3690
http://www.debian.org/security/2014/dsa-3060
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.17.2
http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
http://www.ubuntu.com/usn/USN-2417-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3690
https://security-tracker.debian.org/tracker/CVE-2014-3690
http://secunia.com/advisories/60174
http://www.ubuntu.com/usn/USN-2421-1
https://github.com/torvalds/linux/commit/d974baa398f34393db76be45f7d4d04fbdbb4a0a
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d974baa398f34393db76be45f7d4d04fbdbb4a0a
http://rhn.redhat.com/errata/RHSA-2015-0864.html
http://www.openwall.com/lists/oss-security/2014/10/29/7
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
https://bugzilla.redhat.com/show_bug.cgi?id=1153322
http://www.ubuntu.com/usn/USN-2418-1
http://rhn.redhat.com/errata/RHSA-2015-0782.html
http://www.ubuntu.com/usn/USN-2419-1
http://www.securityfocus.com/bid/70691
http://www.openwall.com/lists/oss-security/2014/10/21/4
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2420-1
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
CVSS v2
Base Score:
4.9
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
0.04