var-201311-0359
Vulnerability from variot

The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. Vendors report this vulnerability Errata 793 Published as a problem.Denial of service by a local user via a crafted application ( System hang ) May be in a state. AMD 16h Model Processor is prone to a denial-of-service vulnerability. Successful exploits will cause the affected system to hang, denying service to legitimate users. AMD CPU is a CPU processor launched by AMD Corporation of the United States.

CVE-2014-9419

It was found that on Linux kernels compiled with the 32 bit
interfaces (CONFIG_X86_32) a malicious user program can do a
partial ASLR bypass through TLS base addresses leak when attacking
other programs.

CVE-2014-9529

It was discovered that the Linux kernel is affected by a race
condition flaw when doing key garbage collection, allowing local
users to cause a denial of service (memory corruption or panic).

CVE-2014-9584

It was found that the Linux kernel does not validate a length value
in the Extensions Reference (ER) System Use Field, which allows
local users to obtain sensitive information from kernel memory via a
crafted iso9660 image.

For the stable distribution (wheezy), these problems have been fixed in version 3.2.65-1+deb7u1.

For the upcoming stable distribution (jessie) and the unstable distribution (sid), these problems will be fixed soon. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-03


                                        http://security.gentoo.org/

Severity: High Title: Xen: Multiple Vunlerabilities Date: July 16, 2014 Bugs: #440768, #484478, #486354, #497082, #497084, #497086, #499054, #499124, #500528, #500530, #500536, #501080, #501906, #505714, #509054, #513824 ID: 201407-03


Synopsis

Multiple vulnerabilities have been found in Xen, the worst of which could lead to arbitrary code execution.

Background

Xen is a bare-metal hypervisor.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 app-emulations/xen < 4.3.2-r4 >= 4.3.2-r4 >= 4.2.4-r4 2 app-emulations/xen-tools < 4.3.2-r5 >= 4.3.2-r5 >= 4.2.4-r6 3 app-emulations/xen-pvgrub < 4.3.2 >= 4.3.2 >= 4.2.4 ------------------------------------------------------------------- 3 affected packages

Description

Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker can utilize multiple vectors to execute arbitrary code, cause Denial of Service, or gain access to data on the host.

Workaround

There is no known workaround at this time.

Resolution

All Xen 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"

All Xen 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"

All xen-tools 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.3.2-r2"

All xen-tools 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.2.4-r2"

All Xen PVGRUB 4.3 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.3.2"

All Xen PVGRUB 4.2 users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.2.4"

References

[ 1 ] CVE-2013-1442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442 [ 2 ] CVE-2013-4329 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329 [ 3 ] CVE-2013-4355 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355 [ 4 ] CVE-2013-4356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356 [ 5 ] CVE-2013-4361 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361 [ 6 ] CVE-2013-4368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368 [ 7 ] CVE-2013-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369 [ 8 ] CVE-2013-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370 [ 9 ] CVE-2013-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371 [ 10 ] CVE-2013-4375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375 [ 11 ] CVE-2013-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416 [ 12 ] CVE-2013-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494 [ 13 ] CVE-2013-4551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551 [ 14 ] CVE-2013-4553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553 [ 15 ] CVE-2013-4554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554 [ 16 ] CVE-2013-6375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375 [ 17 ] CVE-2013-6400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400 [ 18 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 19 ] CVE-2013-6885 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885 [ 20 ] CVE-2014-1642 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642 [ 21 ] CVE-2014-1666 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666 [ 22 ] CVE-2014-1891 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891 [ 23 ] CVE-2014-1892 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892 [ 24 ] CVE-2014-1893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893 [ 25 ] CVE-2014-1894 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894 [ 26 ] CVE-2014-1895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895 [ 27 ] CVE-2014-1896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896 [ 28 ] CVE-2014-2599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599 [ 29 ] CVE-2014-3124 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124 [ 30 ] CVE-2014-4021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2014:0285-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0285.html Issue date: 2014-03-12 CVE Names: CVE-2013-2929 CVE-2013-4483 CVE-2013-4554 CVE-2013-6381 CVE-2013-6383 CVE-2013-6885 CVE-2013-7263 =====================================================================

  1. Summary:

Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

  1. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

  • A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel's QETH network device driver implementation handled SNMP IOCTL requests with an out-of-bounds length. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-6381, Important)

  • A flaw was found in the way the ipc_rcu_putref() function in the Linux kernel's IPC implementation handled reference counter decrementing. A local, unprivileged user could use this flaw to trigger an Out of Memory (OOM) condition and, potentially, crash the system. (CVE-2013-4483, Moderate)

  • It was found that the Xen hypervisor implementation did not correctly check privileges of hypercall attempts made by HVM guests, allowing hypercalls to be invoked from protection rings 1 and 2 in addition to ring

  • A local attacker in an HVM guest able to execute code on privilege levels 1 and 2 could potentially use this flaw to further escalate their privileges in that guest. Note: Xen HVM guests running unmodified versions of Red Hat Enterprise Linux and Microsoft Windows are not affected by this issue because they are known to only use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554, Moderate)

  • A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions. (CVE-2013-6383, Moderate)

  • It was found that, under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on certain AMD CPUs (for more information, refer to AMD CPU erratum 793 linked in the References section). A privileged user in a guest running under the Xen hypervisor could use this flaw to cause a denial of service on the host system. This update adds a workaround to the Xen hypervisor implementation, which mitigates the AMD CPU issue. Non-AMD CPUs are not vulnerable. (CVE-2013-6885, Moderate)

  • It was found that certain protocol handlers in the Linux kernel's networking implementation could set the addr_len value without initializing the associated data structure. A local, unprivileged user could use this flaw to leak kernel stack memory to user space using the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)

  • A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low)

Red Hat would like to thank Vladimir Davydov of Parallels for reporting CVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter of CVE-2013-4554 and CVE-2013-6885.

This update also fixes several bugs and adds one enhancement. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement. The system must be rebooted for this update to take effect.

  1. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races 1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests 1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests 1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check 1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl 1035823 - CVE-2013-6885 hw: AMD CPU erratum may cause core hang 1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm

i386: kernel-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm kernel-debug-2.6.18-371.6.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm kernel-devel-2.6.18-371.6.1.el5.i686.rpm kernel-headers-2.6.18-371.6.1.el5.i386.rpm kernel-xen-2.6.18-371.6.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm

noarch: kernel-doc-2.6.18-371.6.1.el5.noarch.rpm

x86_64: kernel-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm

i386: kernel-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm kernel-debug-2.6.18-371.6.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm kernel-devel-2.6.18-371.6.1.el5.i686.rpm kernel-headers-2.6.18-371.6.1.el5.i386.rpm kernel-xen-2.6.18-371.6.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm

ia64: kernel-2.6.18-371.6.1.el5.ia64.rpm kernel-debug-2.6.18-371.6.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.ia64.rpm kernel-debug-devel-2.6.18-371.6.1.el5.ia64.rpm kernel-debuginfo-2.6.18-371.6.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.ia64.rpm kernel-devel-2.6.18-371.6.1.el5.ia64.rpm kernel-headers-2.6.18-371.6.1.el5.ia64.rpm kernel-xen-2.6.18-371.6.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-371.6.1.el5.ia64.rpm kernel-xen-devel-2.6.18-371.6.1.el5.ia64.rpm

noarch: kernel-doc-2.6.18-371.6.1.el5.noarch.rpm

ppc: kernel-2.6.18-371.6.1.el5.ppc64.rpm kernel-debug-2.6.18-371.6.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-371.6.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.ppc64.rpm kernel-devel-2.6.18-371.6.1.el5.ppc64.rpm kernel-headers-2.6.18-371.6.1.el5.ppc.rpm kernel-headers-2.6.18-371.6.1.el5.ppc64.rpm kernel-kdump-2.6.18-371.6.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-371.6.1.el5.ppc64.rpm

s390x: kernel-2.6.18-371.6.1.el5.s390x.rpm kernel-debug-2.6.18-371.6.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.s390x.rpm kernel-debug-devel-2.6.18-371.6.1.el5.s390x.rpm kernel-debuginfo-2.6.18-371.6.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.s390x.rpm kernel-devel-2.6.18-371.6.1.el5.s390x.rpm kernel-headers-2.6.18-371.6.1.el5.s390x.rpm kernel-kdump-2.6.18-371.6.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-371.6.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-371.6.1.el5.s390x.rpm

x86_64: kernel-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

  1. References:

https://www.redhat.com/security/data/cve/CVE-2013-2929.html https://www.redhat.com/security/data/cve/CVE-2013-4483.html https://www.redhat.com/security/data/cve/CVE-2013-4554.html https://www.redhat.com/security/data/cve/CVE-2013-6381.html https://www.redhat.com/security/data/cve/CVE-2013-6383.html https://www.redhat.com/security/data/cve/CVE-2013-6885.html https://www.redhat.com/security/data/cve/CVE-2013-7263.html https://access.redhat.com/security/updates/classification/#important http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.10_Technical_Notes/kernel.html

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFTIKllXlSAg2UNWIIRAoE1AKCRsqWRFKokDuMlc5DqDHLfNVvA/wCdHDXK 1A1C4EUJs9uMy4iYcWc1OjI= =ND0O -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0359",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "family 16h models 00h-0fh processor",
        "scope": null,
        "trust": 1.6,
        "vendor": "advanced micro devices amd",
        "version": null
      },
      {
        "model": "16h model processor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "16h model 0fh processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "16h model 00h processor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "amd",
        "version": null
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.0.4"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.0.1"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.3"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.2"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.1"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "4.0"
      },
      {
        "model": "xen",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "xen",
        "version": "3.3"
      },
      {
        "model": "linux enterprise software development kit sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server unsupported extras",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server for vmware sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp3 for vmware",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp1 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp4 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise server sp3 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise high availability extension sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp2 ltss",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise real time extension sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "opensuse factory",
        "scope": null,
        "trust": 0.3,
        "vendor": "s u s e",
        "version": null
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "12.3"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5"
      },
      {
        "model": "project openvz 028stab110.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openvz",
        "version": null
      },
      {
        "model": "project openvz 028stab108.1",
        "scope": null,
        "trust": 0.3,
        "vendor": "openvz",
        "version": null
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "xenserver common criteria",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0.2"
      },
      {
        "model": "xenserver service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.21"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.2"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.1"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "6.0"
      },
      {
        "model": "xenserver sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.6"
      },
      {
        "model": "xenserver feature pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.61"
      },
      {
        "model": "xenserver",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "citrix",
        "version": "5.6"
      },
      {
        "model": "centos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "centos",
        "version": "5"
      },
      {
        "model": "16h model 0fh processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "0"
      },
      {
        "model": "16h model 00h processor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "amd",
        "version": "0"
      },
      {
        "model": "project openvz 028stab112.3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "openvz",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:amd:16h_model_processor_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:16h_model_00h_processor:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:amd:16h_model_0fh_processor:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matthew Dillon",
    "sources": [
      {
        "db": "BID",
        "id": "63983"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6885",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 4.7,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-6885",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.7,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.4,
            "id": "VHN-66887",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6885",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-474",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66887",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. Vendors report this vulnerability Errata 793 Published as a problem.Denial of service by a local user via a crafted application ( System hang ) May be in a state. AMD 16h Model Processor is prone to a denial-of-service vulnerability. \nSuccessful exploits will cause the affected system to hang, denying service to legitimate users. AMD CPU is a CPU processor launched by AMD Corporation of the United States. \n\nCVE-2014-9419\n\n    It was found that on Linux kernels compiled with the 32 bit\n    interfaces (CONFIG_X86_32) a malicious user program can do a\n    partial ASLR bypass through TLS base addresses leak when attacking\n    other programs. \n\nCVE-2014-9529\n\n    It was discovered that the Linux kernel is affected by a race\n    condition flaw when doing key garbage collection, allowing local\n    users to cause a denial of service (memory corruption or panic). \n\nCVE-2014-9584\n\n    It was found that the Linux kernel does not validate a length value\n    in the Extensions Reference (ER) System Use Field, which allows\n    local users to obtain sensitive information from kernel memory via a\n    crafted iso9660 image. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.2.65-1+deb7u1. \n\nFor the upcoming stable distribution (jessie) and the unstable\ndistribution (sid), these problems will be fixed soon. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: Xen: Multiple Vunlerabilities\n     Date: July 16, 2014\n     Bugs: #440768, #484478, #486354, #497082, #497084, #497086,\n           #499054, #499124, #500528, #500530, #500536, #501080,\n           #501906, #505714, #509054, #513824\n       ID: 201407-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Xen, the worst of which\ncould lead to arbitrary code execution. \n\nBackground\n==========\n\nXen is a bare-metal hypervisor. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  app-emulations/xen          \u003c 4.3.2-r4               \u003e= 4.3.2-r4 \n                                                         *\u003e= 4.2.4-r4 \n  2  app-emulations/xen-tools\n                                 \u003c 4.3.2-r5               \u003e= 4.3.2-r5 \n                                                         *\u003e= 4.2.4-r6 \n  3  app-emulations/xen-pvgrub\n                                  \u003c 4.3.2                   *\u003e= 4.3.2 \n                                                            *\u003e= 4.2.4 \n    -------------------------------------------------------------------\n     3 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Xen. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker can utilize multiple vectors to execute arbitrary\ncode, cause Denial of Service, or gain access to data on the host. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Xen 4.3 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulations/xen-4.3.2-r2\"\n\nAll Xen 4.2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-emulations/xen-4.2.4-r2\"\n\nAll xen-tools 4.3 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-tools-4.3.2-r2\"\n\nAll xen-tools 4.2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-tools-4.2.4-r2\"\n\nAll Xen PVGRUB 4.3 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-pvgrub-4.3.2\"\n\nAll Xen PVGRUB 4.2 users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot -v \"\u003e=app-emulations/xen-pvgrub-4.2.4\"\n\nReferences\n==========\n\n[  1 ] CVE-2013-1442\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442\n[  2 ] CVE-2013-4329\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329\n[  3 ] CVE-2013-4355\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355\n[  4 ] CVE-2013-4356\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356\n[  5 ] CVE-2013-4361\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361\n[  6 ] CVE-2013-4368\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368\n[  7 ] CVE-2013-4369\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369\n[  8 ] CVE-2013-4370\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370\n[  9 ] CVE-2013-4371\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371\n[ 10 ] CVE-2013-4375\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375\n[ 11 ] CVE-2013-4416\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416\n[ 12 ] CVE-2013-4494\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494\n[ 13 ] CVE-2013-4551\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551\n[ 14 ] CVE-2013-4553\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553\n[ 15 ] CVE-2013-4554\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554\n[ 16 ] CVE-2013-6375\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375\n[ 17 ] CVE-2013-6400\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400\n[ 18 ] CVE-2013-6885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885\n[ 19 ] CVE-2013-6885\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885\n[ 20 ] CVE-2014-1642\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642\n[ 21 ] CVE-2014-1666\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666\n[ 22 ] CVE-2014-1891\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891\n[ 23 ] CVE-2014-1892\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892\n[ 24 ] CVE-2014-1893\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893\n[ 25 ] CVE-2014-1894\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894\n[ 26 ] CVE-2014-1895\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895\n[ 27 ] CVE-2014-1896\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896\n[ 28 ] CVE-2014-2599\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599\n[ 29 ] CVE-2014-3124\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124\n[ 30 ] CVE-2014-4021\n       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: kernel security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2014:0285-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2014-0285.html\nIssue date:        2014-03-12\nCVE Names:         CVE-2013-2929 CVE-2013-4483 CVE-2013-4554 \n                   CVE-2013-6381 CVE-2013-6383 CVE-2013-6885 \n                   CVE-2013-7263 \n=====================================================================\n\n1. Summary:\n\nUpdated kernel packages that fix multiple security issues, several bugs,\nand add one enhancement are now available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\n* A buffer overflow flaw was found in the way the qeth_snmp_command()\nfunction in the Linux kernel\u0027s QETH network device driver implementation\nhandled SNMP IOCTL requests with an out-of-bounds length. A local,\nunprivileged user could use this flaw to crash the system or, potentially,\nescalate their privileges on the system. (CVE-2013-6381, Important)\n\n* A flaw was found in the way the ipc_rcu_putref() function in the Linux\nkernel\u0027s IPC implementation handled reference counter decrementing. \nA local, unprivileged user could use this flaw to trigger an Out of Memory\n(OOM) condition and, potentially, crash the system. (CVE-2013-4483,\nModerate)\n\n* It was found that the Xen hypervisor implementation did not correctly\ncheck privileges of hypercall attempts made by HVM guests, allowing\nhypercalls to be invoked from protection rings 1 and 2 in addition to ring\n0. A local attacker in an HVM guest able to execute code on privilege\nlevels 1 and 2 could potentially use this flaw to further escalate their\nprivileges in that guest. Note: Xen HVM guests running unmodified versions\nof Red Hat Enterprise Linux and Microsoft Windows are not affected by this\nissue because they are known to only use protection rings 0 (kernel) and 3\n(userspace). (CVE-2013-4554, Moderate)\n\n* A flaw was found in the way the Linux kernel\u0027s Adaptec RAID controller\n(aacraid) checked permissions of compat IOCTLs. A local attacker could use\nthis flaw to bypass intended security restrictions. (CVE-2013-6383,\nModerate)\n\n* It was found that, under specific circumstances, a combination of write\noperations to write-combined memory and locked CPU instructions may cause a\ncore hang on certain AMD CPUs (for more information, refer to AMD CPU\nerratum 793 linked in the References section). A privileged user in a guest\nrunning under the Xen hypervisor could use this flaw to cause a denial of\nservice on the host system. This update adds a workaround to the Xen\nhypervisor implementation, which mitigates the AMD CPU issue. Non-AMD CPUs\nare not vulnerable. (CVE-2013-6885, Moderate)\n\n* It was found that certain protocol handlers in the Linux kernel\u0027s\nnetworking implementation could set the addr_len value without initializing\nthe associated data structure. A local, unprivileged user could use this\nflaw to leak kernel stack memory to user space using the recvmsg, recvfrom,\nand recvmmsg system calls. (CVE-2013-7263, Low)\n\n* A flaw was found in the way the get_dumpable() function return value was\ninterpreted in the ptrace subsystem of the Linux kernel. When\n\u0027fs.suid_dumpable\u0027 was set to 2, a local, unprivileged local user could\nuse this flaw to bypass intended ptrace restrictions and obtain\npotentially sensitive information. (CVE-2013-2929, Low)\n\nRed Hat would like to thank Vladimir Davydov of Parallels for reporting\nCVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and\nCVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter\nof CVE-2013-4554 and CVE-2013-6885. \n\nThis update also fixes several bugs and adds one enhancement. \nDocumentation for these changes will be available shortly from the\nTechnical Notes document linked to in the References section. \n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not use\n\"rpm -Uvh\" as that will remove the running kernel binaries from your\nsystem. You may use \"rpm -e\" to remove old kernels after determining that\nthe new kernel functions properly on your system. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races\n1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests\n1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests\n1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check\n1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl\n1035823 - CVE-2013-6885 hw: AMD CPU erratum may cause core hang\n1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm\n\ni386:\nkernel-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm\nkernel-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-headers-2.6.18-371.6.1.el5.i386.rpm\nkernel-xen-2.6.18-371.6.1.el5.i686.rpm\nkernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm\n\nnoarch:\nkernel-doc-2.6.18-371.6.1.el5.noarch.rpm\n\nx86_64:\nkernel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-devel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-headers-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm\n\ni386:\nkernel-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm\nkernel-devel-2.6.18-371.6.1.el5.i686.rpm\nkernel-headers-2.6.18-371.6.1.el5.i386.rpm\nkernel-xen-2.6.18-371.6.1.el5.i686.rpm\nkernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm\nkernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm\n\nia64:\nkernel-2.6.18-371.6.1.el5.ia64.rpm\nkernel-debug-2.6.18-371.6.1.el5.ia64.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.ia64.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.ia64.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.ia64.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.ia64.rpm\nkernel-devel-2.6.18-371.6.1.el5.ia64.rpm\nkernel-headers-2.6.18-371.6.1.el5.ia64.rpm\nkernel-xen-2.6.18-371.6.1.el5.ia64.rpm\nkernel-xen-debuginfo-2.6.18-371.6.1.el5.ia64.rpm\nkernel-xen-devel-2.6.18-371.6.1.el5.ia64.rpm\n\nnoarch:\nkernel-doc-2.6.18-371.6.1.el5.noarch.rpm\n\nppc:\nkernel-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-debug-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-devel-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-headers-2.6.18-371.6.1.el5.ppc.rpm\nkernel-headers-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-kdump-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-kdump-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm\nkernel-kdump-devel-2.6.18-371.6.1.el5.ppc64.rpm\n\ns390x:\nkernel-2.6.18-371.6.1.el5.s390x.rpm\nkernel-debug-2.6.18-371.6.1.el5.s390x.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.s390x.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.s390x.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.s390x.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.s390x.rpm\nkernel-devel-2.6.18-371.6.1.el5.s390x.rpm\nkernel-headers-2.6.18-371.6.1.el5.s390x.rpm\nkernel-kdump-2.6.18-371.6.1.el5.s390x.rpm\nkernel-kdump-debuginfo-2.6.18-371.6.1.el5.s390x.rpm\nkernel-kdump-devel-2.6.18-371.6.1.el5.s390x.rpm\n\nx86_64:\nkernel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-devel-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-headers-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm\nkernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2929.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4483.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4554.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6381.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6383.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6885.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-7263.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttp://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.10_Technical_Notes/kernel.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e.  More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTIKllXlSAg2UNWIIRAoE1AKCRsqWRFKokDuMlc5DqDHLfNVvA/wCdHDXK\n1A1C4EUJs9uMy4iYcWc1OjI=\n=ND0O\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "PACKETSTORM",
        "id": "129980"
      },
      {
        "db": "PACKETSTORM",
        "id": "127477"
      },
      {
        "db": "PACKETSTORM",
        "id": "125666"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6885",
        "trust": 3.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/11/28/1",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "63983",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1029415",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/12/02/1",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "55840",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "129980",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-66887",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "127477",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125666",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "PACKETSTORM",
        "id": "129980"
      },
      {
        "db": "PACKETSTORM",
        "id": "127477"
      },
      {
        "db": "PACKETSTORM",
        "id": "125666"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "id": "VAR-201311-0359",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:04:26.746000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Revision Guide for AMD Family 16h Models 00h-0Fh Processors",
        "trust": 0.8,
        "url": "http://support.amd.com/techdocs/51810_16h_00h-0fh_rev_guide.pdf"
      },
      {
        "title": "Bug 1035823",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035823"
      },
      {
        "title": "RHSA-2014:0285",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2014-0285.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://openwall.com/lists/oss-security/2013/11/28/1"
      },
      {
        "trust": 2.2,
        "url": "http://support.amd.com/techdocs/51810_16h_00h-0fh_rev_guide.pdf"
      },
      {
        "trust": 2.0,
        "url": "http://lists.dragonflybsd.org/pipermail/kernel/2011-december/046594.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924"
      },
      {
        "trust": 1.8,
        "url": "http://security.gentoo.org/glsa/glsa-201407-03.xml"
      },
      {
        "trust": 1.8,
        "url": "http://rhn.redhat.com/errata/rhsa-2014-0285.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1029415"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/55840"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/63983"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2015/dsa-3128"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-december/123553.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-december/124199.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-december/124195.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2013/12/02/1"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1035823"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89335"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6885"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6885"
      },
      {
        "trust": 0.6,
        "url": "http://xenbits.xenproject.org/xsa/advisory-82.html"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2013-6885"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2014:0285"
      },
      {
        "trust": 0.3,
        "url": "http://www.amd.com/us/products/pages/processors.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://wiki.openvz.org/download/kernel/rhel5/028stab112.3"
      },
      {
        "trust": 0.3,
        "url": "http://xenbits.xen.org/xsa/advisory-82.html"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/oss-sec/2013/q4/385"
      },
      {
        "trust": 0.3,
        "url": "http://support.citrix.com/article/ctx140038"
      },
      {
        "trust": 0.3,
        "url": "http://linux.oracle.com/errata/elsa-2014-3034.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6885"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4554"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8133"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9419"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9584"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9529"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4356"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4494"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-4021"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1442"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1892"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1894"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4370"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4361"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4551"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6375"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1666"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1894"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2599"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4416"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4361"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4553"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1666"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4554"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1895"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1895"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4371"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6400"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4356"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4329"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4368"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4329"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1896"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4355"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1891"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4375"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1893"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4355"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1891"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6885"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1442"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4371"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4375"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4494"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3124"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4368"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1896"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4369"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4551"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1642"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6375"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2599"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6400"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4553"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4416"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2929"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6383.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6885.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-4483.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-6381.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6381"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-7263.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/site/documentation/en-us/red_hat_enterprise_linux/5/html/5.10_technical_notes/kernel.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7263"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-2929.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/security/data/cve/cve-2013-4554.html"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/#package"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6383"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "PACKETSTORM",
        "id": "129980"
      },
      {
        "db": "PACKETSTORM",
        "id": "127477"
      },
      {
        "db": "PACKETSTORM",
        "id": "125666"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "db": "PACKETSTORM",
        "id": "129980"
      },
      {
        "db": "PACKETSTORM",
        "id": "127477"
      },
      {
        "db": "PACKETSTORM",
        "id": "125666"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "date": "2013-11-27T00:00:00",
        "db": "BID",
        "id": "63983"
      },
      {
        "date": "2013-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "date": "2015-01-16T00:16:12",
        "db": "PACKETSTORM",
        "id": "129980"
      },
      {
        "date": "2014-07-16T22:25:37",
        "db": "PACKETSTORM",
        "id": "127477"
      },
      {
        "date": "2014-03-12T21:14:17",
        "db": "PACKETSTORM",
        "id": "125666"
      },
      {
        "date": "2013-11-29T04:33:29.200000",
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "date": "2013-11-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66887"
      },
      {
        "date": "2015-04-13T21:41:00",
        "db": "BID",
        "id": "63983"
      },
      {
        "date": "2015-08-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      },
      {
        "date": "2023-02-13T00:29:31.807000",
        "db": "NVD",
        "id": "CVE-2013-6885"
      },
      {
        "date": "2023-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "63983"
      },
      {
        "db": "PACKETSTORM",
        "id": "125666"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "AMD Family 16h Models 00h-0Fh Denial of service in microcode running on a processor  (DoS) Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005326"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-474"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.