CVE-2013-6368: Improper Input Validation in Linux

Severity: 6.2 MEDIUM (NVD)
EPSS: 0.0% (top 88.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 14; latest update May 14

Description

The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.

CVSS vector

AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0

Affected Packages (3 packages)

Debian: linux/linux_kernel < 3.12.5-1 +3
NVD: linux/linux_kernel 3.12.5 +241
debian: debian/linux < linux 3.12.5-1 (bookworm)

Also affects: Enterprise Linux 6.0

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-x9p5-w287-9fwv: The KVM subsystem in the Linux kernel through 3 (2022-05-14)
OSV: CVE-2013-6368: The KVM subsystem in the Linux kernel through 3 (2013-12-14)
Kernel: Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm (2013-12-12)
Kernel: KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (2013-11-20)

📋 Vendor Advisories (11)

Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2014-03-07)
Ubuntu: Linux kernel vulnerabilities (2014-03-07)
Ubuntu: Linux kernel (Quantal HWE) vulnerabilities (2014-03-07)

💬 Community (2)

Bugzilla: CVE-2013-6368 kernel: kvm: cross page vapic_addr access [fedora-all] (2013-12-12)
Bugzilla: CVE-2013-6368 kvm: cross page vapic_addr access (2013-11-19)