Linux Kernel 3.12.5 kvm/lapic.c apic_get_tmcct lapic_timer.period numeric error
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.2 | $0-$5k | 0.00 |
A vulnerability was found in Linux Kernel 3.12.5 (Operating System). It has been classified as critical. Affected is the function apic_get_tmcct
of the file kvm/lapic.c. The manipulation of the argument lapic_timer.period
with an unknown input leads to a numeric error vulnerability. CWE is classifying the issue as CWE-189. This is going to have an impact on availability. CVE summarizes:
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
The weakness was presented 12/12/2013 by Andrew Honig as RHSA-2013-1802 as not defined advisory (Red Hat Security Advisory). The advisory is shared for download at rhn.redhat.com. This vulnerability is traded as CVE-2013-6367 since 11/04/2013. The attack needs to approached within the local network. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 72473 (RHEL 5 : kvm (RHSA-2014:0163)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 123695 (Red Hat Update for kernel (RHSA-2014:0284)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (72473). See 11235 for similar entry.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 72473
Nessus Name: RHEL 5 : kvm (RHSA-2014:0163)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881832
OpenVAS Name: CentOS Update for kernel CESA-2013:1801 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: github.com
Timeline
11/04/2013 🔍12/12/2013 🔍
12/12/2013 🔍
12/12/2013 🔍
12/14/2013 🔍
12/16/2013 🔍
12/16/2013 🔍
02/13/2014 🔍
06/04/2021 🔍
Sources
Vendor: kernel.orgAdvisory: RHSA-2013-1802
Researcher: Andrew Honig
Status: Not defined
Confirmation: 🔍
CVE: CVE-2013-6367 (🔍)
OVAL: 🔍
Vulnerability Center: 42580 - Linux Kernel <=3.12.5 Remote Denial of Service due to a Divide-By-Zero Error in the 'Apic_Get_Tmcct()\x27 Function, Medium
SecurityFocus: 64270
OSVDB: 100985
See also: 🔍
Entry
Created: 12/16/2013 11:17Updated: 06/04/2021 11:10
Changes: 12/16/2013 11:17 (78), 05/17/2017 09:08 (2), 06/04/2021 11:10 (3)
Complete: 🔍
Committer: olku
No comments yet. Languages: en.
Please log in to comment.