CVE-2014-8134

Low CVSS 3.3

Overview

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.

CWE: N/A Published: 2014-12-12T18:59:03.317

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 3.3 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags