Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1797

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2013-1797
Last Modified 27 Jan 2014 11:51:57
Published 22 Mar 2013 07:59:11
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-1797

Summary

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

Vulnerable Systems

Operating System

  • Linux Kernel 3.8.0

  • Linux Kernel 3.8.1

  • Linux Kernel 3.8.2

  • Linux Kernel 3.8.3

  • Linux Kernel 3.8.4


References

CONFIRM - https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=917013

MLIST - [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1

UBUNTU - USN-1813-1

UBUNTU - USN-1812-1

UBUNTU - USN-1809-1

REDHAT - RHSA-2013:0928

REDHAT - RHSA-2013:0746

REDHAT - RHSA-2013:0744

REDHAT - RHSA-2013:0727

SUSE - openSUSE-SU-2013:0925

SUSE - openSUSE-SU-2013:0847

MANDRIVA - MDVSA-2013:176

SUSE - openSUSE-SU-2013:1187

REDHAT - RHSA-2013:1026


Last Updated: 27 May 2016 11:02:07