USN-2420-1

Advisory lineage Upstream: 8 Downstream: 0

Upstream

CVE-2014-3690 CVE-2014-4608 CVE-2014-7970 CVE-2014-7975 UBUNTU-CVE-2014-3690 UBUNTU-CVE-2014-4608

Published: 25 Nov 2014, 04:08

Last modified:22 Apr 2026, 09:04

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Nov 2014, 04:08

Published

Vulnerability first disclosed

22 Apr 2026, 09:04

Last Modified

Vulnerability information updated

Description

linux vulnerabilities A flaw was discovered in how the Linux kernel's KVM (Kernel Virtual Machine) subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service (kill arbitrary processes, or system disruption) by leveraging /dev/kvm access. (CVE-2014-3690) Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970) Andy Lutomirski discovered that the Linux kernel was not checking the CAP_SYS_ADMIN when remounting filesystems to read-only. A local user could exploit this flaw to cause a denial of service (loss of writability). (CVE-2014-7975)

Affected Systems

ubuntu•linux
< 3.13.0-40.69

USN-2420-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (5)