Linux Kernel 3.8.0/3.8.1/3.8.2/3.8.3/3.8.4 virt/kvm/ioapic.c input validation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability has been found in Linux Kernel 3.8.0/3.8.1/3.8.2/3.8.3/3.8.4 and classified as problematic. This issue affects some unknown processing of the file virt/kvm/ioapic.c. Performing a manipulation results in input validation. This vulnerability is reported as CVE-2013-1798. No exploit exists. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability, which was classified as critical, was found in Linux Kernel 3.8.0/3.8.1/3.8.2/3.8.3/3.8.4 (Operating System). This affects an unknown part of the file virt/kvm/ioapic.c. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on confidentiality, and availability. The summary by CVE is:
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
The weakness was disclosed 03/01/2013 by Andrew Honig with Google Inc. as not defined mailinglist post (oss-sec). It is possible to read the advisory at seclists.org. The public release has been coordinated in cooperation with Linux. This vulnerability is uniquely identified as CVE-2013-1798 since 02/19/2013. The exploitability is told to be difficult. Attacking locally is a requirement. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 66901 (Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1877-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 166437 (OpenSuSE Security Update for 3.0.80 Kernel Update (openSUSE-SU-2013:1187-1)).
Upgrading to version 2.6.32.61 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published 3 weeks after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (66901), SecurityFocus (BID 58604†), OSVDB (91561†), Secunia (SA52630†) and Vulnerability Center (SBV-38855†). The entries VDB-7779, VDB-7812, VDB-8068 and VDB-8069 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.7VulDB Meta Temp Score: 6.4
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 66901
Nessus Name: Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1877-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 892668
OpenVAS Name: Debian Security Advisory DSA 2668-1 (linux-2.6 - privilege escalation/denial of service/information leak
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Kernel 2.6.32.61
Patch: git.kernel.org
Timeline
02/19/2013 🔍03/01/2013 🔍
03/01/2013 🔍
03/01/2013 🔍
03/19/2013 🔍
03/21/2013 🔍
03/21/2013 🔍
03/22/2013 🔍
03/25/2013 🔍
06/16/2013 🔍
05/06/2021 🔍
Sources
Vendor: kernel.orgAdvisory: seclists.org
Researcher: Andrew Honig
Organization: Google Inc.
Status: Not defined
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-1798 (🔍)
GCVE (CVE): GCVE-0-2013-1798
GCVE (VulDB): GCVE-100-8067
OVAL: 🔍
SecurityFocus: 58604 - Linux Kernel KVM CVE-2013-1798 Denial of Service Vulnerability
Secunia: 52630 - KVM Multiple Vulnerabilities, Less Critical
OSVDB: 91561
Vulnerability Center: 38855 - Linux Kernel Remote Denial of Service due to the KVM Improperly Validating Specific Requests, High
See also: 🔍
Entry
Created: 03/25/2013 15:10Updated: 05/06/2021 14:36
Changes: 03/25/2013 15:10 (84), 04/26/2017 09:13 (4), 05/06/2021 14:36 (3)
Complete: 🔍
Committer:
Cache ID: 216:64D:103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.