Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2013-1796
Last Modified: 27 Jan 2014 11:51:56
Published: 22 Mar 2013 07:59:11
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2013-1796

Summary

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.

Vulnerable Systems

Operating System

  • Linux Kernel 3.8.0

  • Linux Kernel 3.8.1

  • Linux Kernel 3.8.2

  • Linux Kernel 3.8.3

  • Linux Kernel 3.8.4


References

CONFIRM - https://github.com/torvalds/linux/commit/c300aa64ddf57d9c5d9c898a64b36877345dd4a9

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c300aa64ddf57d9c5d9c898a64b36877345dd4a9

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=917012

MLIST - [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]

UBUNTU - USN-1813-1

UBUNTU - USN-1812-1

UBUNTU - USN-1809-1

UBUNTU - USN-1808-1

UBUNTU - USN-1805-1

REDHAT - RHSA-2013:0928

REDHAT - RHSA-2013:0746

REDHAT - RHSA-2013:0744

REDHAT - RHSA-2013:0727

SUSE - openSUSE-SU-2013:0925

SUSE - openSUSE-SU-2013:0847

MANDRIVA - MDVSA-2013:176

SUSE - openSUSE-SU-2013:1187

REDHAT - RHSA-2013:1026


Last Updated: 27 May 2016 11:02:07