kernel: denial of service

Package(s):

kernel

CVE #(s):

CVE-2014-0155

Created:

April 21, 2014

Updated:

May 6, 2014

Description:

From the CVE entry

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.

Alerts:

Ubuntu	USN-2336-1	linux-lts-trusty	2014-09-02
Ubuntu	USN-2337-1	kernel	2014-09-02
SUSE	SUSE-SU-2014:0908-1	Linux kernel	2014-07-17
SUSE	SUSE-SU-2014:0909-1	Linux kernel	2014-07-17
SUSE	SUSE-SU-2014:0910-1	Linux kernel	2014-07-17
SUSE	SUSE-SU-2014:0911-1	Linux kernel	2014-07-17
SUSE	SUSE-SU-2014:0912-1	Linux kernel	2014-07-17
Ubuntu	USN-2239-1	linux-lts-saucy	2014-06-05
Ubuntu	USN-2241-1	kernel	2014-06-05
Mageia	MGASA-2014-0238	kernel-vserver	2014-05-24
Mageia	MGASA-2014-0234	kernel-tmb	2014-05-23
Mageia	MGASA-2014-0236	kernel-tmb	2014-05-24
Mageia	MGASA-2014-0237	kernel-rt	2014-05-24
Mageia	MGASA-2014-0235	kernel-linus	2014-05-24
Mageia	MGASA-2014-0229	kernel-vserver	2014-05-19
Mageia	MGASA-2014-0227	kernel-rt	2014-05-19
Mageia	MGASA-2014-0226	kernel-linus	2014-05-19
Mageia	MGASA-2014-0228	kernel	2014-05-19
Mageia	MGASA-2014-0225	kernel	2014-05-18
Fedora	FEDORA-2014-5609	kernel	2014-05-06
Fedora	FEDORA-2014-5235	kernel	2014-04-18
CentOS	CESA-2014:X009	kernel	2014-06-16