Vulnerability in Linux Linux_kernel
CVE-2014-8134
The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via…
EPSS: 0.001 (25.4th percentile).
CVSS v3 metric
CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N.
Affected products
- Linux Linux_kernel
- Oracle Linux — versions 6
- Canonical Ubuntu_linux — versions 12.04, 14.04, 16.04
- Opensuse Evergreen — versions 11.4
- Opensuse — versions 13.1
- Suse Suse_linux_enterprise_server — versions 11
References
- RHSA-2016:0855 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- [kvm] 20141205 [PATCH] x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit (mailing-list, x_refsource_MLIST, Exploit, Patch, Mailing List, Third Party Advisory)
- SUSE-SU-2015:0736 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- SUSE-SU-2015:0481 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2015:0566 (vendor-advisory, Mailing List, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- 71650 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 62336 (x_refsource_SECUNIA, Broken Link, third-party-advisory)
Frequently asked questions
- What is CVE-2014-8134?
- CVE-2014-8134 is a low-severity vulnerability in Linux Linux_kernel. CVSS score: 3.3/10. Published 2014-12-12.
- How severe is CVE-2014-8134?
- Low severity. CVSS v3 base score is 3.3 out of 10.