|Bugzilla:||917012: CVE-2013-1796 kernel: kvm: buffer overflow in handling of MSR_KVM_SYSTEM_TIME|
The MITRE CVE dictionary describes this issue as:
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support
for the KVM subsystem.
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|RHEL Virtualization version 5 (kvm)||RHSA-2013:0727||April 09, 2013|
|RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)||RHSA-2013:0746||April 23, 2013|
|Red Hat Enterprise Linux Server EUS (v. 6.2) (kernel)||RHSA-2013:1026||July 09, 2013|
|Red Hat Enterprise Linux Server EUS (v. 6.3) (kernel)||RHSA-2013:0928||June 11, 2013|
|Red Hat Enterprise Linux version 6 (kernel)||RHSA-2013:0744||April 23, 2013|
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.