Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1798
HistoryMar 18, 2013 - 12:00 a.m.

CVE-2013-1798

2013-03-1800:00:00
ubuntu.com
ubuntu.com
20

6.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:N/A:C

0.002 Low

EPSS

Percentile

61.3%

The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel
through 3.8.4 does not properly handle a certain combination of invalid
IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS
users to obtain sensitive information from host OS memory or cause a denial
of service (host OS OOPS) via a crafted application.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-48.110UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-41.66UNKNOWN
ubuntu12.10noarchlinux< 3.5.0-28.48UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-353.66UNKNOWN
ubuntu12.04noarchlinux-lts-quantal< 3.5.0-28.48~precise1UNKNOWN

6.2 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:H/Au:N/C:C/I:N/A:C

0.002 Low

EPSS

Percentile

61.3%