{
  "threat_severity" : "Moderate",
  "public_date" : "2014-10-21T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: kvm: vmx: invept vm exit not handled",
    "id" : "1144835",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1144835"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-248",
  "details" : [ "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.", "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest." ],
  "statement" : "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Advanced Threat Research team at Intel Security for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-11-11T00:00:00Z",
    "advisory" : "RHSA-2014:1843",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.1.3.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.5 Extended Update Support",
    "release_date" : "2015-03-03T00:00:00Z",
    "advisory" : "RHSA-2015:0284",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.5",
    "package" : "kernel-0:2.6.32-431.50.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2014-10-28T00:00:00Z",
    "advisory" : "RHSA-2014:1724",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-123.9.2.el7"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2015-02-04T00:00:00Z",
    "advisory" : "RHSA-2015:0126",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.6-20150123.1.el6ev"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 7.0",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3645\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3645" ],
  "name" : "CVE-2014-3645",
  "csaw" : false
}