Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1798

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2013-1798
Last Modified 27 Jan 2014 11:51:57
Published 22 Mar 2013 07:59:11
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector ADJACENT_NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-1798

Summary

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.

Vulnerable Systems

Operating System

  • Linux Kernel 3.8.0

  • Linux Kernel 3.8.1

  • Linux Kernel 3.8.2

  • Linux Kernel 3.8.3

  • Linux Kernel 3.8.4


References

CONFIRM - https://github.com/torvalds/linux/commit/a2c118bfab8bc6b8bb213abfc35201e441693d55

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a2c118bfab8bc6b8bb213abfc35201e441693d55

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=917017

MLIST - [oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]

UBUNTU - USN-1813-1

UBUNTU - USN-1812-1

UBUNTU - USN-1809-1

REDHAT - RHSA-2013:0928

REDHAT - RHSA-2013:0746

REDHAT - RHSA-2013:0744

REDHAT - RHSA-2013:0727

SUSE - openSUSE-SU-2013:0925

SUSE - openSUSE-SU-2013:0847

MANDRIVA - MDVSA-2013:176

SUSE - openSUSE-SU-2013:1187

REDHAT - RHSA-2013:1026


Last Updated: 27 May 2016 11:02:07