Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1943

Опубликовано: 10 июн. 2013
Источник: redhat
CVSS2: 6.9
EPSS Низкий

Описание

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG 2. Future kvm updates for Red Hat Enterprise Linux 5 may address this flaw. This issue was addresses in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html). Please note that unlike Red Hat Enterprise Linux 6, where a local unprivileged user could use this flaw to escalate their privileges on the system, on Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 EUS, and Red Hat Enterprise Linux 6.3 EUS the impact is limited to potential information leak only.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 5kvmWill not fix
Red Hat Enterprise Linux Extended Update Support 6.2kernelWill not fix
Red Hat Enterprise Linux Extended Update Support 6.3kernelWill not fix
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2013:091110.06.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=950490kernel: kvm: missing check in kvm_set_memory_region()

EPSS

Процентиль: 32%
0.00124
Низкий

6.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1943

CVSS3: 7.8
ubuntu
около 12 лет назад

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

nvd логотип

CVE-2013-1943

CVSS3: 7.8
nvd
около 12 лет назад

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

debian логотип

CVE-2013-1943

CVSS3: 7.8
debian
около 12 лет назад

The KVM subsystem in the Linux kernel before 3.0 does not check whethe ...

github логотип

GHSA-ffvw-xh69-vrvc

CVSS3: 7.8
github
около 3 лет назад

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

oracle-oval логотип

ELSA-2013-0911

oracle-oval
около 12 лет назад

ELSA-2013-0911: kernel security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 32%
0.00124
Низкий

6.9 Medium

CVSS2