rhsa-2013_0746
Vulnerability from csaf_redhat
Published
2013-04-23 18:47
Modified
2024-11-22 06:44
Summary
Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update
Notes
Topic
An updated rhev-hypervisor6 package that fixes several security issues and
various bugs is now available.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization
Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor
is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes
everything necessary to run and manage virtual machines: A subset of the
Red Hat Enterprise Linux operating environment and the Red Hat Enterprise
Virtualization Agent.
Note: Red Hat Enterprise Virtualization Hypervisor is only available for
the Intel 64 and AMD64 architectures with virtualization extensions.
A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)
A potential use-after-free flaw was found in the way KVM handled guest time
updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to escalate
their privileges on the host. (CVE-2013-1797)
A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)
An integer overflow flaw was discovered in one of pixman's manipulation
routines. If a remote attacker could trick an application using pixman into
performing a certain manipulation, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-1591)
Red Hat would like to thank Andrew Honig of Google for reporting
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798.
This updated package provides updated components that include fixes for
various security issues. These issues have no security impact on Red Hat
Enterprise Virtualization Hypervisor itself, however. The security fixes
included in this update address the following CVE numbers:
CVE-2013-2266 (a bind issue)
CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl
issues)
This update contains the fixes from the following errata:
ovirt-node: RHBA-2013:0745
libvirt: RHBA-2013:0725
vdsm: RHBA-2013:0704
kernel: RHSA-2013:0744
Users of the Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which corrects these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated rhev-hypervisor6 package that fixes several security issues and\nvarious bugs is now available.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: A subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA flaw was found in the way KVM handled guest time updates when the buffer\nthe guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state\nregister (MSR) crossed a page boundary. A privileged guest user could use\nthis flaw to crash the host or, potentially, escalate their privileges,\nallowing them to execute arbitrary code at the host kernel level.\n(CVE-2013-1796)\n\nA potential use-after-free flaw was found in the way KVM handled guest time\nupdates when the GPA (guest physical address) the guest registered by\nwriting to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a\nmovable or removable memory region of the hosting user-space process (by\ndefault, QEMU-KVM) on the host. If that memory region is deregistered from\nKVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory\nreused, a privileged guest user could potentially use this flaw to escalate\ntheir privileges on the host. (CVE-2013-1797)\n\nA flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable\nInterrupt Controller). A missing validation check in the\nioapic_read_indirect() function could allow a privileged guest user to\ncrash the host, or read a substantial portion of host kernel memory.\n(CVE-2013-1798)\n\nAn integer overflow flaw was discovered in one of pixman\u0027s manipulation\nroutines. If a remote attacker could trick an application using pixman into\nperforming a certain manipulation, it could cause the application to crash\nor, possibly, execute arbitrary code with the privileges of the user\nrunning the application. (CVE-2013-1591)\n\nRed Hat would like to thank Andrew Honig of Google for reporting\nCVE-2013-1796, CVE-2013-1797, and CVE-2013-1798.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2013-2266 (a bind issue)\n\nCVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl\nissues)\n\nThis update contains the fixes from the following errata:\n\novirt-node: RHBA-2013:0745\nlibvirt: RHBA-2013:0725\nvdsm: RHBA-2013:0704\nkernel: RHSA-2013:0744\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which corrects these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0746",
"url": "https://access.redhat.com/errata/RHSA-2013:0746"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2013-0745.html",
"url": "https://rhn.redhat.com/errata/RHBA-2013-0745.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2013-0725.html",
"url": "https://rhn.redhat.com/errata/RHBA-2013-0725.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2013-0704.html",
"url": "https://rhn.redhat.com/errata/RHBA-2013-0704.html"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHSA-2013-0744.html",
"url": "https://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"category": "external",
"summary": "910149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"
},
{
"category": "external",
"summary": "917012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917012"
},
{
"category": "external",
"summary": "917013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
},
{
"category": "external",
"summary": "917017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917017"
},
{
"category": "external",
"summary": "950154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=950154"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0746.json"
}
],
"title": "Red Hat Security Advisory: rhev-hypervisor6 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T06:44:10+00:00",
"generator": {
"date": "2024-11-22T06:44:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0746",
"initial_release_date": "2013-04-23T18:47:00+00:00",
"revision_history": [
{
"date": "2013-04-23T18:47:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-04-23T18:55:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T06:44:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEV Hypervisor for RHEL-6",
"product": {
"name": "RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::hypervisor"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch",
"product": {
"name": "rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch",
"product_id": "rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhev-hypervisor6@6.4-20130415.0.el6_4?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch as a component of RHEV Hypervisor for RHEL-6",
"product_id": "6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
},
"product_reference": "rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch",
"relates_to_product_reference": "6Server-RHEV-Hypervisor"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-1591",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2013-02-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "910149"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pixman: stack-based buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of pixman as shipped with Red Hat Enterprise Linux 5 as it did not contain the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1591"
},
{
"category": "external",
"summary": "RHBZ#910149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1591",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1591"
}
],
"release_date": "2012-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-23T18:47:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0746"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pixman: stack-based buffer overflow"
},
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1796",
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917012"
}
],
"notes": [
{
"category": "description",
"text": "The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1796"
},
{
"category": "external",
"summary": "RHBZ#917012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917012"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1796",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1796"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-23T18:47:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0746"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME"
},
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1797",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917013"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1797"
},
{
"category": "external",
"summary": "RHBZ#917013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1797",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1797"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1797"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-23T18:47:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0746"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: after free issue with the handling of MSR_KVM_SYSTEM_TIME"
},
{
"acknowledgments": [
{
"names": [
"Andrew Honig"
],
"organization": "Google"
}
],
"cve": "CVE-2013-1798",
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "917017"
}
],
"notes": [
{
"category": "description",
"text": "The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: out-of-bounds access in ioapic indirect register reads",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support\nfor the KVM subsystem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1798"
},
{
"category": "external",
"summary": "RHBZ#917017",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=917017"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1798",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1798"
}
],
"release_date": "2013-03-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-04-23T18:47:00+00:00",
"details": "This update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo upgrade Hypervisors in Red Hat Enterprise Virtualization\nenvironments using the disk image provided by this package, refer to:\n\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Hypervisor_Deployment_Guide/chap-Deployment_Guide-Upgrading_Red_Hat_Enterprise_Virtualization_Hypervisors.html",
"product_ids": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0746"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:H/Au:S/C:C/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-RHEV-Hypervisor:rhev-hypervisor6-0:6.4-20130415.0.el6_4.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: kvm: out-of-bounds access in ioapic indirect register reads"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.