rhsa-2013_0727
Vulnerability from csaf_redhat
Published
2013-04-09 18:06
Modified
2024-11-22 06:43
Summary
Red Hat Security Advisory: kvm security update
Notes
Topic
Updated kvm packages that fix three security issues are now available for
Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.
A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)
A potential use-after-free flaw was found in the way KVM handled guest time
updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)
A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)
Red Hat would like to thank Andrew Honig of Google for reporting all of
these issues.
All users of kvm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note that the procedure
in the Solution section must be performed before this update will take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated kvm packages that fix three security issues are now available for\nRed Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way KVM handled guest time updates when the buffer\nthe guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state\nregister (MSR) crossed a page boundary. A privileged guest user could use\nthis flaw to crash the host or, potentially, escalate their privileges,\nallowing them to execute arbitrary code at the host kernel level.\n(CVE-2013-1796)\n\nA potential use-after-free flaw was found in the way KVM handled guest time\nupdates when the GPA (guest physical address) the guest registered by\nwriting to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a\nmovable or removable memory region of the hosting user-space process (by\ndefault, QEMU-KVM) on the host. If that memory region is deregistered from\nKVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory\nreused, a privileged guest user could potentially use this flaw to\nescalate their privileges on the host. (CVE-2013-1797)\n\nA flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable\nInterrupt Controller). A missing validation check in the\nioapic_read_indirect() function could allow a privileged guest user to\ncrash the host, or read a substantial portion of host kernel memory.\n(CVE-2013-1798)\n\nRed Hat would like to thank Andrew Honig of Google for reporting all of\nthese issues.\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0727",
"url": "https://access.redhat.com/errata/RHSA-2013:0727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "917012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917012"
},
{
"category": "external",
"summary": "917013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
},
{
"category": "external",
"summary": "917017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917017"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0727.json"
}
],
"title": "Red Hat Security Advisory: kvm security update",
"tracking": {
"current_release_date": "2024-11-22T06:43:58+00:00",
"generator": {
"date": "2024-11-22T06:43:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0727",
"initial_release_date": "2013-04-09T18:06:00+00:00",
"revision_history": [
{
"date": "2013-04-09T18:06:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-04-09T18:11:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:43:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL Virtualization (v. 5 server)",
"product": {
"name": "RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"product_id": "kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-debuginfo@83-262.el5_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"product_id": "kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-qemu-img@83-262.el5_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-tools-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kvm-tools-0:83-262.el5_9.3.x86_64",
"product_id": "kvm-tools-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-tools@83-262.el5_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kmod-kvm-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kmod-kvm-0:83-262.el5_9.3.x86_64",
"product_id": "kmod-kvm-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kmod-kvm@83-262.el5_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"product_id": "kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kmod-kvm-debug@83-262.el5_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-0:83-262.el5_9.3.x86_64",
"product": {
"name": "kvm-0:83-262.el5_9.3.x86_64",
"product_id": "kvm-0:83-262.el5_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm@83-262.el5_9.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-0:83-262.el5_9.3.src",
"product": {
"name": "kvm-0:83-262.el5_9.3.src",
"product_id": "kvm-0:83-262.el5_9.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm@83-262.el5_9.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kmod-kvm-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-debug-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-262.el5_9.3.src as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src"
},
"product_reference": "kvm-0:83-262.el5_9.3.src",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kvm-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-debuginfo-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-qemu-img-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-tools-0:83-262.el5_9.3.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
},
"product_reference": "kvm-tools-0:83-262.el5_9.3.x86_64",
"relates_to_product_reference": "5Server-VT-5.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1796",
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917012"
}
],
"notes": [
{
"category": "description",
"text": "The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1796"
},
{
"category": "external",
"summary": "RHBZ#917012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1796",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-09T18:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.",
"product_ids": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0727"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME"
},
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1797",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917013"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1797"
},
{
"category": "external",
"summary": "RHBZ#917013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-09T18:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.",
"product_ids": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0727"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME"
},
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1798",
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917017"
}
],
"notes": [
{
"category": "description",
"text": "The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: out-of-bounds access in ioapic indirect register reads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1798"
},
{
"category": "external",
"summary": "RHBZ#917017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-09T18:06:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.",
"product_ids": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0727"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:N/A:C",
"version": "2.0"
},
"products": [
"5Server-VT-5.9.Z:kmod-kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kmod-kvm-debug-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.src",
"5Server-VT-5.9.Z:kvm-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-debuginfo-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-qemu-img-0:83-262.el5_9.3.x86_64",
"5Server-VT-5.9.Z:kvm-tools-0:83-262.el5_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: out-of-bounds access in ioapic indirect register reads"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.