CVE-2013-1796

2013-03-1800:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

61.4%

JSON

The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel
through 3.8.4 does not ensure a required time_page alignment during an
MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a
denial of service (buffer overflow and host OS memory corruption) or
possibly have unspecified other impact via a crafted application.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-46.108UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-41.66UNKNOWN
ubuntu12.10noarchlinux< 3.5.0-28.48UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-351.64UNKNOWN
ubuntu12.04noarchlinux-lts-quantal< 3.5.0-28.48~precise1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-46.108	UNKNOWN
ubuntu	12.04	noarch	linux	< 3.2.0-41.66	UNKNOWN
ubuntu	12.10	noarch	linux	< 3.5.0-28.48	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-351.64	UNKNOWN
ubuntu	12.04	noarch	linux-lts-quantal	< 3.5.0-28.48~precise1	UNKNOWN