CVE-2014-0049 | Date: (C)2014-03-13 (M)2024-04-17 |
Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 7.4 |
Exploit Score: 4.4 |
Impact Score: 10.0 |
|
CVSS V2 Metrics: |
Access Vector: ADJACENT_NETWORK |
Access Complexity: MEDIUM |
Authentication: SINGLE |
Confidentiality: COMPLETE |
Integrity: COMPLETE |
Availability: COMPLETE |
| |