CVE-2013-1935

Опубликовано: 10 июн. 2013

Источник: redhat

CVSS2: 5.7

Описание

A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue does not affect the versions of KVM package as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 5	kvm	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2013:0911	10.06.2013
RHEV 3.X Hypervisor and Agents for RHEL-6	rhev-hypervisor6	Fixed	RHSA-2013:0907	10.06.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=949981kernel: kvm: pv_eoi guest updates with interrupts disabled

5.7 Medium

CVSS2

Связанные уязвимости

CVE-2013-1935

ubuntu

почти 13 лет назад

CVE-2013-1935

nvd

почти 13 лет назад

CVE-2013-1935

debian

почти 13 лет назад

A certain Red Hat patch to the KVM subsystem in the kernel package bef ...

GHSA-3rfm-4g97-5f9p

github

около 4 лет назад

ELSA-2013-0911

oracle-oval

около 13 лет назад

ELSA-2013-0911: kernel security, bug fix, and enhancement update (IMPORTANT)

5.7 Medium

CVSS2