[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-0311Date: (C)2013-02-22   (M)2024-02-22


The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 2.5
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
MDVSA-2013:176
RHSA-2013:0496
RHSA-2013:0579
RHSA-2013:0882
RHSA-2013:0928
http://www.openwall.com/lists/oss-security/2013/02/20/6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.7.bz2
https://bugzilla.redhat.com/show_bug.cgi?id=912905
https://github.com/torvalds/linux/commit/bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
openSUSE-SU-2013:1187

OVAL    14
oval:org.secpod.oval:def:701231
oval:org.secpod.oval:def:505772
oval:org.secpod.oval:def:205746
oval:org.secpod.oval:def:1500057
...

© SecPod Technologies