CVE-2014-3645

Linux Kernel < 3.12 - Denial of Service via Missing INVEPT Exit Handler

Title source: llm
STIX 2.1

Description

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.

References (9)

Core 9
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2418-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2417-1
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3060
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/10/24/9
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0126.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0284.html

Scores

EPSS 0.0041
EPSS Percentile 32.9%

Details

CWE
CWE-20
Status published
Products (44)
linux/linux_kernel 3.0 rc1 (7 CPE variants)
linux/linux_kernel 3.0.1
linux/linux_kernel 3.0.2
linux/linux_kernel 3.0.3
linux/linux_kernel 3.0.4
linux/linux_kernel 3.0.5
linux/linux_kernel 3.0.6
linux/linux_kernel 3.0.7
linux/linux_kernel 3.0.8
linux/linux_kernel 3.0.9
... and 34 more
Published Nov 10, 2014
Tracked Since Feb 18, 2026