Advisories ยป MGASA-2014-0475

Updated kernel packages fix security vulnerabilities

Publication date: 21 Nov 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-3610 , CVE-2014-3611 , CVE-2014-3647

Description

This kernel update is based on upstream -longterm 3.10.60 and
fixes the following security issues:

The WRMSR processing functionality in the KVM subsystem in the Linux
kernel through 3.17.2 does not properly handle the writing of a non-
canonical address to a model-specific register, which allows guest OS
users to cause a denial of service (host OS crash) by leveraging guest
OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).

Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS crash)
by leveraging incorrect PIT emulation (CVE-2014-3611).

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through
3.17.2 does not properly perform RIP changes, which allows guest OS users
to cause a denial of service (guest OS crash) via a crafted application
(CVE-2014-3647).

For other upstream changes, read the referenced changelogs.
                

References

SRPMS

3/core

3/nonfree