CVE-2014-3610

MEDIUM

Linux Kernel < 3.17.2 - Denial of Service

Title source: rule

Description

The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c.

References (13)

Scores

CVSS v3 5.5
EPSS 0.0005
EPSS Percentile 15.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

Status draft

Affected Products (6)

linux/linux_kernel < 3.17.2
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
opensuse/evergreen
suse/suse_linux_enterprise_server

Timeline

Published Nov 10, 2014
Tracked Since Feb 18, 2026