Veracode Vulnerability DatabaseVERACODE:13576Denial Of Service (DoS)
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
kernel is vulnerable to denial of service. The vulnerability exists because the function kvm_ioctl_create_device in virt/kvm/kvm_main.callows an attacker to perform malicious ioctl calls on the /dev/kvm device, crashing the application.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kernel | eq | 2.4.9__e.3-3.18.44__20.el6 | |
| kernel | eq | 2.4.9__e.3-3.18.44__20.el6 |
References
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13
www.openwall.com/lists/oss-security/2017/01/18/10
www.securityfocus.com/bid/95672
bugzilla.redhat.com/show_bug.cgi?id=1414506
github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C