CVE-2014-3601

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.

Published: Sep 1, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3601
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:A/AC:H/Au:S/C:N/I:N/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
opensuse / evergreen	11.4	11.4.x
suse / linux_enterprise_server	11-sp2	11-sp2.x
suse / linux_enterprise_real_time_extension	11.0-sp3	11.0-sp3.x
suse / suse_linux_enterprise_server	11	11.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	14.04	14.04.x
linux / linux_kernel	-	3.16.1.x
linux / linux_kernel	3.16.0	3.16.0.x

Vulnerability Database

289,599

CVE-2014-3601