CVE-2013-5634

Severity

43%

Complexity

25%

Confidentiality

115%

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: high. CVSS Vector: (AV:A/AC:H/Au:S/C:N/I:N/A:C).

Overview

Type

Linux Kernel

First reported 11 years ago

2013-09-25 10:31:00

Last updated 8 years ago

2016-12-08 03:03:00

Affected Software

Linux Kernel 3.9.0 on ARM64 architecture

3.9.0

Linux Kernel 3.9.1 on ARM64 architecture

3.9.1

Linux Kernel 3.9.2 on ARM64 architecture

3.9.2

Linux Kernel 3.9.3 on ARM64 architecture

3.9.3

Linux Kernel 3.9.4 on ARM64 architecture

3.9.4

Linux Kernel 3.9.5 on ARM64 architecture

3.9.5

Linux Kernel 3.9.6 on ARM64 architecture

3.9.6

Linux Kernel 3.9.7 on ARM64 architecture

3.9.7

Linux Kernel 3.9.8 on ARM64 architecture

3.9.8

Linux Kernel 3.9.9 on ARM64 architecture

3.9.9

Linux Kernel 3.9.10 on ARM64 architecture

3.9.10

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e8180dcaa8470ceca21109f143876fdcd9fe050a

Exploit, Patch

[oss-security] 20130826 Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences

61995

https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a