|Bugzilla:||949981: CVE-2013-1935 kernel: kvm: pv_eoi guest updates with interrupts disabled|
The MITRE CVE dictionary describes this issue as:
A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible.
This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
This issue does not affect the versions of the KVM package as shipped with Red Hat Enterprise Linux 5.
CVSS v2 metrics
|Access Vector:||Adjacent Network|
Red Hat security errata
|RHEV Hypervisor for RHEL-6 (rhev-hypervisor6)||RHSA-2013:0907||June 10, 2013|
|Red Hat Enterprise Linux version 6 (kernel)||RHSA-2013:0911||June 10, 2013|
Red Hat would like to thank IBM for reporting this issue.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.