CVE-2013-0268
Published 2013-02-18
Priority: P427 · medium · 6.2 (CVSS 2.0)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 1.56% (72.1th percentile)
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Affected
142 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.2.39-1 (bookworm) | linux 3.2.39-1 (bookworm) |
| linux | linux_kernel | <= 3.7.5 | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvd · v2.0 · 6.2 · MEDIUM · AV:L/AC:H/Au:N/C:C/I:C/A:C
osv · 6.2 · MEDIUM
vendor_debian · 6.2 · MEDIUM
vendor_redhat · 6.2 · MEDIUM
vendor_ubuntu · 6.2 · MEDIUM
VMware
VMware vCenter Chargeback Manager Remote Code Execution
vendor_vmware·2013-06-11·CVSS 5.0
CVE-2013-0166 [MEDIUM] VMware vCenter Chargeback Manager Remote Code Execution
VMSA-2013-0008: VMware vCenter Chargeback Manager Remote Code Execution
a. vCenter Chargeback Manager Remote Code Execution
The vCenter Chargeback Manager (CBM) contains a flaw in its handling of file uploads. Exploitation of this issue may allow an unauthenticated attacker to execute code remotely.
VMware would like to thank Andrea Micalizzi, aka rgod, for reporting this issue to us through HP's Zero Day Initiative (ZDI).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3520 to this issue.
Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
VMware Product Product Version Running on Replace with / Apply Patch VMware Product CBM Product Version 2.01 Running on an
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-03-26·CVSS 6.2
CVE-2013-0228 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host s
Ubuntu
Linux kernel (EC2) vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-1773 [MEDIUM] Linux kernel (EC2) vulnerabilities
Title: Linux kernel (EC2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)
A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unpr
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-0228 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-0228)
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's vhost driver used to accelerate
guest networking in KVM based virtual machines. A privileged guest user
could exploit this flaw to crash the host s
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-22·CVSS 6.2
CVE-2013-0268 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was reported in the permission checks done by the Linux kernel for
/dev/cpu/*/msr. A local root user with all capabilities dropped could
exploit this flaw to execute code with full root capabilities.
(CVE-2013-0268)
A flaw was discovered in the Linux kernel's handling of memory ranges with
PROT_NONE when transparent hugepages are in use. An unprivileged local user
could exploit this flaw to cause a denial of service (crash the system).
(CVE-2013-0309)
A flaw was discovered on the Linux kernel's VFAT filesystem driver when a
disk is mounted with the utf8 option (this is the default on Ubuntu). On a
system where disks/images can be auto-mounted or a FAT filesystem is
mounted an unprivileg
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2013-03-21·CVSS 4.9
CVE-2013-0190 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
A flaw was discovered in the Linux kernel Xen PCI backend driver. If
Ubuntu
Linux kernel (Quantal HWE) vulnerabilities
vendor_ubuntu·2013-03-18·CVSS 4.9
CVE-2013-0190 [MEDIUM] Linux kernel (Quantal HWE) vulnerabilities
Title: Linux kernel (Quantal HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
A flaw was discovered in the Linux kernel Xen PCI backend driv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-18·CVSS 4.9
CVE-2013-0190 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-18·CVSS 4.9
CVE-2013-0190 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux
kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest
kernel to crash, or operate erroneously. (CVE-2013-0190)
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
A flaw was discovered in the Linux kernel Xen PCI backend driver. If a PCI
d
Ubuntu
Linux kernel (Oneiric backport) vulnerabilities
vendor_ubuntu·2013-03-12·CVSS 5.2
CVE-2013-0216 [MEDIUM] Linux kernel (Oneiric backport) vulnerabilities
Title: Linux kernel (Oneiric backport) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS priv
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2013-03-06·CVSS 5.2
CVE-2013-0216 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A failure to validate input was discovered in the Linux kernel's Xen
netback (network backend) driver. A user in a guest OS may exploit this
flaw to cause a denial of service to the guest OS and other guest domains.
(CVE-2013-0216)
A memory leak was discovered in the Linux kernel's Xen netback (network
backend) driver. A user in a guest OS could trigger this flaw to cause a
denial of service on the system. (CVE-2013-0217)
Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's
Xen virtualization. In the 32-bit Xen paravirt platform an unprivileged
guest OS user could exploit this flaw to cause a denial of service (crash
the system) or gain guest OS privilege. (CVE-2013-02
Red Hat
kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
vendor_redhat·2013-01-24·CVSS 6.2
CVE-2013-0268 [MEDIUM] kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Statement: This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Debian
CVE-2013-0268: linux - The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 ...
vendor_debian·2013·CVSS 6.2
CVE-2013-0268 [MEDIUM] CVE-2013-0268: linux - The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 ...
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
Scope: local
bookworm: resolved (fixed in 3.2.39-1)
bullseye: resolved (fixed in 3.2.39-1)
forky: resolved (fixed in 3.2.39-1)
sid: resolved (fixed in 3.2.39-1)
trixie: resolved (fixed in 3.2.39-1)
GHSA
GHSA-pv62-2r85-25pv: The msr_open function in arch/x86/kernel/msr
ghsa_unreviewed·2022-05-05
CVE-2013-0268 [MEDIUM] GHSA-pv62-2r85-25pv: The msr_open function in arch/x86/kernel/msr
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
OSV
CVE-2013-0268: The msr_open function in arch/x86/kernel/msr
osv·2013-02-18·CVSS 6.2
CVE-2013-0268 [MEDIUM] CVE-2013-0268: The msr_open function in arch/x86/kernel/msr
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
No detection rules found.
Bugzilla
CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation [fedora-all]
bugzilla·2013-02-07·CVSS 6.2
CVE-2013-0268 [MEDIUM] CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this i
Bugzilla
CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
bugzilla·2013-02-07·CVSS 6.2
CVE-2013-0268 [MEDIUM] CVE-2013-0268 kernel: x86/msr: /dev/cpu/*/msr local privilege escalation
Access to /dev/cpu/*/msr was protected only using filesystem checks. A local uid 0 (root) user with all capabilities dropped could use this flaw to execute arbitrary code in kernel mode.
Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=c903f0456bc69176912dee6dd25c6a66ee1aed00
References:
http://grsecurity.net/~spender/msr32.c
Discussion:
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 908706]
---
kernel-3.7.6-201.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
---
Statement:
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c903f0456bc69176912dee6dd25c6a66ee1aed00
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.6
http://www.openwall.com/lists/oss-security/2013/02/07/12
https://bugzilla.redhat.com/show_bug.cgi?id=908693
https://github.com/torvalds/linux/commit/c903f0456bc69176912dee6dd25c6a66ee1aed00
Published: 2013-02-18