CVE-2013-1943 — Improper Input Validation in Kernel

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 83.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux +2 more

Timeline

PublishedJul 16

Latest updateMay 13

Description

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel< 3.0

▶Ubuntulinux/linux_kernel< 3.11.0-12.19

▶debiandebian/linux

Also affects: Ubuntu Linux 10.04, Enterprise Linux 5.0, 6.2, 6.3

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-ffvw-xh69-vrvc: The KVM subsystem in the Linux kernel before 3↗2022-05-13

▶

OSV

CVE-2013-1943: The KVM subsystem in the Linux kernel before 3↗2013-07-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2013-09-06

▶

Ubuntu

Linux kernel (EC2) vulnerabilities↗2013-09-06

▶

Red Hat

kernel: kvm: missing check in kvm_set_memory_region()↗2013-06-10

▶

Debian

CVE-2013-1943: linux - The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel a...↗2013

▶

💬Community

Bugzilla

CVE-2013-1943 kernel: kvm: missing check in kvm_set_memory_region()↗2013-04-10

▶