CVE-2014-3611

Impact: Important
Public Date: 2014-10-21
CWE: CWE-362
Bugzilla: 1144878: CVE-2014-3611 kernel: kvm: PIT timer race condition

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.

Find out more about CVE-2014-3611 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue affects the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.

CVSS v2 metrics

Base Score: 5.5
Base Metrics: AV:A/AC:L/Au:S/C:N/I:N/A:C
Access Vector: Adjacent Network
Access Complexity: Low
Authentication: Single
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                                                       Errata          Release Date
Red Hat Enterprise Linux 6 (kernel)                            RHSA-2014:1843  2014-11-11
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)                  RHSA-2015:0126  2015-02-04
Red Hat Enterprise Linux 7 (kernel)                            RHSA-2014:1724  2014-10-28
Red Hat Enterprise Linux Virtualization 5 (kvm)                RHSA-2015:0869  2015-04-22
Red Hat Enterprise Linux Extended Update Support 6.5 (kernel)  RHSA-2015:0284  2015-03-03

Acknowledgements

Red Hat would like to thank Lars Bull of Google for reporting this issue.
