Linux Kernel 2.6 drivers/vhost/vhost.c translate_desc denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Linux Kernel 2.6. This affects the function translate_desc of the file drivers/vhost/vhost.c. Performing a manipulation results in denial of service.
This vulnerability is cataloged as CVE-2013-0311. There is no exploit available.
To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability, which was classified as problematic, was found in Linux Kernel 2.6 (Operating System). This affects the function translate_desc of the file drivers/vhost/vhost.c. The manipulation with an unknown input leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.
The weakness was shared 11/28/2012 by Michael S. Tsirkin with Red Hat as bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 as confirmed git commit (GIT Repository). It is possible to read the advisory at git.kernel.org. The vendor cooperated in the coordination of the public release. This vulnerability is uniquely identified as CVE-2013-0311 since 12/06/2012. The exploitability is told to be easy. Attacking locally is a requirement. A authentication is required for exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 78660 (F5 Networks BIG-IP : Linux kernel vulnerability (SOL15732)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family F5 Networks Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 166437 (OpenSuSE Security Update for 3.0.80 Kernel Update (openSUSE-SU-2013:1187-1)).
Applying the patch bd97120fc3d1a11f3124c7c9ba1d91f51829eb85 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (78660), SecurityFocus (BID 58053†), OSVDB (90478†), Secunia (SA52328†) and SecurityTracker (ID 1028195†). The entries VDB-7776, VDB-7777, VDB-7812 and VDB-8067 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.3
VulDB Base Score: 5.5
VulDB Temp Score: 5.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 78660
Nessus Name: F5 Networks BIG-IP : Linux kernel vulnerability (SOL15732)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 881682
OpenVAS Name: CentOS Update for kernel CESA-2013:0496 centos6
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Patch: bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
Timeline
11/28/2012 🔍11/28/2012 🔍
12/06/2012 🔍
02/19/2013 🔍
02/20/2013 🔍
02/21/2013 🔍
02/21/2013 🔍
02/21/2013 🔍
02/22/2013 🔍
02/22/2013 🔍
10/24/2014 🔍
05/05/2021 🔍
Sources
Vendor: kernel.orgAdvisory: bd97120fc3d1a11f3124c7c9ba1d91f51829eb85
Researcher: Michael S. Tsirkin
Organization: Red Hat
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-0311 (🔍)
GCVE (CVE): GCVE-0-2013-0311
GCVE (VulDB): GCVE-100-7779
OVAL: 🔍
SecurityFocus: 58053 - Linux Kernel CVE-2013-0311 Denial Of Service Vulnerability
Secunia: 52328 - Red Hat update for kernel, Less Critical
OSVDB: 90478
SecurityTracker: 1028195 - Linux Kernel Vhost Descriptor Flaw Lets Local Guest Users Gain Host Privileges
Vulnerability Center: 38511 - Linux Kernel Remote Denial of Service or Code Execution due to Mismanagement of a Descriptor, High
See also: 🔍
Entry
Created: 02/22/2013 11:43Updated: 05/05/2021 13:10
Changes: 02/22/2013 11:43 (85), 04/24/2017 20:20 (7), 05/05/2021 13:10 (3)
Complete: 🔍
Committer:
Cache ID: 216:404:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.