CVE-2013-1797

Severity

68%

Complexity

32%

Confidentiality

165%

Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: high. CVSS Vector: (AV:A/AC:H/Au:N/C:C/I:C/A:C).

Overview

First reported 11 years ago

2013-03-22 11:59:00

Last updated 11 years ago

2014-01-28 04:51:00

Affected Software

Linux Kernel 3.8.0

3.8.0

Linux Kernel 3.8.1

3.8.1

Linux Kernel 3.8.2

3.8.2

Linux Kernel 3.8.3

3.8.3

Linux Kernel

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0b79459b482e85cb7426aa7da683a9f2c97aeae1

openSUSE-SU-2013:0847

openSUSE-SU-2013:0925

openSUSE-SU-2013:1187

RHSA-2013:0727

RHSA-2013:0744

RHSA-2013:0746

RHSA-2013:0928

RHSA-2013:1026

MDVSA-2013:176

[oss-security] 20130320 linux kernel: kvm: CVE-2013-179[6..8]

USN-1809-1

USN-1812-1

USN-1813-1

https://bugzilla.redhat.com/show_bug.cgi?id=917013

https://github.com/torvalds/linux/commit/0b79459b482e85cb7426aa7da683a9f2c97aeae1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.