{ "threat_severity" : "Important", "public_date" : "2013-12-12T00:00:00Z", "bugzilla" : { "description" : "kernel: kvm: rtc_status.dest_map out-of-bounds access", "id" : "1030986", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1030986" }, "cvss" : { "cvss_base_score" : "7.2", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status" : "draft" }, "details" : [ "Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value." ], "statement" : "Not vulnerable.\nThis issue did not affect the versions of kvm packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise 6.\nThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG 2 as they did not provide support for the KVM subsystem.", "acknowledgement" : "Red Hat would like to thank Andrew Honig (Google) for reporting this issue.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "realtime-kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-4587\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4587" ], "name" : "CVE-2013-4587", "csaw" : false }