{ "threat_severity" : "Important", "public_date" : "2013-12-12T00:00:00Z", "bugzilla" : { "description" : "kernel: kvm: BUG_ON() in apic_cluster_id()", "id" : "1033106", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033106" }, "cvss" : { "cvss_base_score" : "5.2", "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:N/I:N/A:C", "status" : "draft" }, "details" : [ "The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode." ], "statement" : "Not vulnerable.\nThis issue did not affect the versions of kvm packages as shipped with Red Hat Enterprise Linux 5. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise 6.\nThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG 2 as they did not provide support for the KVM subsystem.", "acknowledgement" : "Red Hat would like to thank Lars Bull (Google) for reporting this issue.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "realtime-kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-6376\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6376" ], "name" : "CVE-2013-6376", "csaw" : false }