CVE-2014-8134

low

Published 2014-12-12 · Modified 2026-05-06

CVSS v3

3.3

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS v2

1.9

VIR risk

3.3

Description

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value.

Predictions

Exploit likelihood

34%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-8134

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1172765

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1400314

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.spinics.net/lists/kvm/msg111458.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8134.html

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`3.16.7-ckt4-1`
debian	bullseye	fixed	`3.16.7-ckt4-1`
debian	forky	fixed	`3.16.7-ckt4-1`
debian	sid	fixed	`3.16.7-ckt4-1`
debian	trixie	fixed	`3.16.7-ckt4-1`
linux-kernel		affected
suse	13.1	affected
suse	11	affected
ubuntu	12.04	affected
ubuntu	14.04	affected
ubuntu	16.04	affected

References

Verify integrity in audit chain (admin only). AS-IS.