CVE-2014-0049
Description
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.197
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux hardware enablement kernel from Quantal (USN-2175-1) linux-image-3.5.0-49-generic_3.5.0-49.74~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Quantal (USN-2175-1) linux-image-3.5.0-49-generic_3.5.0-49.74~precise1_amd64.deb | Linux |
| Linux hardware enablement kernel from Raring (USN-2176-1) linux-image-3.8.0-39-generic_3.8.0-39.58~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Raring (USN-2176-1) linux-image-3.8.0-39-generic_3.8.0-39.58~precise1_amd64.deb | Linux |
| Linux hardware enablement kernel from Saucy (USN-2177-1) linux-image-3.11.0-20-generic_3.11.0-20.35~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Saucy (USN-2177-1) linux-image-3.11.0-20-generic_3.11.0-20.35~precise1_amd64.deb | Linux |
| Dtrace-modules-3.8.13-35.el6uek update (ELSA-2014-3034) dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6.x86_64.rpm | Linux |
| Dtrace-modules-headers update (ELSA-2014-3034) dtrace-modules-headers-0.4.3-4.el6.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234