CVE-2013-1797

2013-03-1800:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

65.8%

JSON

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel
through 3.8.4 allows guest OS users to cause a denial of service (host OS
memory corruption) or possibly have unspecified other impact via a crafted
application that triggers use of a guest physical address (GPA) in (1)
movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME
kvm_set_msr_common operation.

Bugs

Notes

Author	Note
jdstrand	ignored on phablet kernels (too intrusive to backport and they don’t support KVM)

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlinux< 3.2.0-41.66UNKNOWN
ubuntu12.10noarchlinux< 3.5.0-28.48UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1617.27UNKNOWN
ubuntu12.04noarchlinux-lts-quantal< 3.5.0-28.48~precise1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1430.39UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	linux	< 3.2.0-41.66	UNKNOWN
ubuntu	12.10	noarch	linux	< 3.5.0-28.48	UNKNOWN
ubuntu	12.04	noarch	linux-armadaxp	< 3.2.0-1617.27	UNKNOWN
ubuntu	12.04	noarch	linux-lts-quantal	< 3.5.0-28.48~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-ti-omap4	< 3.2.0-1430.39	UNKNOWN