CVE-2013-0311 — Linux vulnerability

14 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 47.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Redhat Enterprise Linux

Timeline

PublishedFeb 22

Latest updateMay 5

Description

The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.

CVSS vector

AV:A/AC:H/C:C/I:C/A:CExploitability: 2.5 | Impact: 10.0

Affected Packages3 packages

▶Debianlinux/linux_kernel< 3.2.41-1+3

▶NVDlinux/linux_kernel3.6.11+130

▶debiandebian/linux< linux 3.2.41-1 (bookworm)

Also affects: Enterprise Linux 6.0

Patches

Patch: www.kernel.org ↗Patch: www.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-783c-mvqh-hj8j: The translate_desc function in drivers/vhost/vhost↗2022-05-05

▶

OSV

CVE-2013-0311: The translate_desc function in drivers/vhost/vhost↗2013-02-22

▶

📋Vendor Advisories

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-03-26

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-03-22

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2013-03-21

▶

Ubuntu

Linux kernel (Quantal HWE) vulnerabilities↗2013-03-18

▶

Ubuntu

Linux kernel vulnerabilities↗2013-03-18

▶

💬Community

Bugzilla

CVE-2013-0311 kernel: vhost: fix length for cross region descriptor↗2013-02-20

▶