CVE Reference: CVE-2014-0049

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2014-0049

Description:
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.

CVE Status:
Candidate

References:

MLIST
  http://www.openwall.com/lists/oss-security/2014/03/03/1

CONFIRM
  http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a08d3b3b99efd509133946056531cdf8f3a0c09b
  http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.6


Return to the previous page.