CVE-2013-1943
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2013-1943 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG 2.
Future kvm updates for Red Hat Enterprise Linux 5 may address this flaw.
This issue was addresses in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html).
Please note that unlike Red Hat Enterprise Linux 6, where a local unprivileged user could use this flaw to escalate their privileges on the system, on Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 EUS, and Red Hat Enterprise Linux 6.3 EUS the impact is limited to potential information leak only.
CVSS v2 metrics
| Base Score | 6.9 |
|---|---|
| Base Metrics | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (kernel) | RHSA-2013:0911 | 2013-06-10 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
| Red Hat Enterprise Linux 5 | kvm | Will not fix |
| Red Hat Enterprise Linux 5 | kernel | Not affected |
Acknowledgements
This issue was discovered by Michael S. Tsirkin of Red Hat.CVE description copyright © 2017, The MITRE Corporation
