CVE-2013-1943

Impact:
Important
Public Date:
2013-06-10
CWE:
CWE-119
Bugzilla:
950490: CVE-2013-1943 kernel: kvm: missing check in kvm_set_memory_region()

The MITRE CVE dictionary describes this issue as:

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Find out more about CVE-2013-1943 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG 2.

Future kvm updates for Red Hat Enterprise Linux 5 may address this flaw.

This issue was addresses in Red Hat Enterprise Linux 6 via RHSA-2013:0911 (https://rhn.redhat.com/errata/RHSA-2013-0911.html).

Please note that unlike Red Hat Enterprise Linux 6, where a local unprivileged user could use this flaw to escalate their privileges on the system, on Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 EUS, and Red Hat Enterprise Linux 6.3 EUS the impact is limited to potential information leak only.

CVSS v2 metrics

Base Score 6.9
Base Metrics AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (kernel) RHSA-2013:0911 2013-06-10

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 5 kvm Will not fix
Red Hat Enterprise Linux 5 kernel Not affected

Acknowledgements

This issue was discovered by Michael S. Tsirkin of Red Hat.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.