{
  "threat_severity" : "Important",
  "public_date" : "2014-10-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: kvm: PIT timer race condition",
    "id" : "1144878",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144878"
  },
  "cvss" : {
    "cvss_base_score" : "5.5",
    "cvss_scoring_vector" : "AV:A/AC:L/Au:S/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.", "A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host." ],
  "statement" : "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
  "acknowledgement" : "Red Hat would like to thank Lars Bull (Google) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2015-04-22T00:00:00Z",
    "advisory" : "RHSA-2015:0869",
    "cpe" : "cpe:/a:redhat:rhel_virtualization:5",
    "package" : "kvm-0:83-270.el5_11"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-11-11T00:00:00Z",
    "advisory" : "RHSA-2014:1843",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.1.3.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support",
    "release_date" : "2015-03-03T00:00:00Z",
    "advisory" : "RHSA-2015:0284",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.5",
    "package" : "kernel-0:2.6.32-431.50.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2014-10-28T00:00:00Z",
    "advisory" : "RHSA-2014:1724",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-123.9.2.el7"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2015-02-04T00:00:00Z",
    "advisory" : "RHSA-2015:0126",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.6-20150123.1.el6ev"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3611\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3611" ],
  "name" : "CVE-2014-3611",
  "csaw" : false
}