CVE-2013-1943 kernel: kvm: missing check in kvm_set_memory_region()

Solution Unverified - Updated -

Issue

The MITRE CVE dictionary describes this issue as:

"The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c."

Find out more about CVE-2013-1943 from the MITRE CVE dictionary and NIST NVD.

Environment

  • Red Hat Enterprise Linux (RHEL) 5
  • Red Hat Enterprise Linux (RHEL) 6

Please note that unlike Red Hat Enterprise Linux 6, where a local unprivileged user could use this flaw to escalate their privileges on the system, on Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 EUS and Red Hat Enterprise Linux 6.3 EUS the impact is limited to potential information leak only.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In