CVE-2014-3690 vulnerability in Canonical and Other Products
Published on November 10, 2014

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2014-3690

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-3690 are published in these products:

Canonical Ubuntu Linux

Debian Linux

Linux Kernel

Novell Suse Linux Enterprise Desktop

Novell Suse Linux Enterprise Server

OpenSuse Evergreen

Red Hat Enterprise Linux (RHEL)

Suse Linux Enterprise Real Time Extension

Suse Linux Enterprise Software Development Kit

Suse Linux Enterprise Workstation Extension

Exploit Probability

EPSS

0.01%

Percentile

1.34%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-3690 vulnerability in Canonical and Other ProductsPublished on November 10, 2014

Products Associated with CVE-2014-3690

Exploit Probability

CVE-2014-3690 vulnerability in Canonical and Other Products
Published on November 10, 2014