The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Metrics
No CVSS v4.0
No CVSS v3.1
No CVSS v3.0
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:L/AC:H/Au:N/C:C/I:C/A:C
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Linux |
|
Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Enterprise Linux 5 | |||
kvm-0:83-266.el5_10.1 | cpe:/a:redhat:rhel_virtualization:5 | RHSA-2014:0163 | 2014-02-12T00:00:00Z |
Red Hat Enterprise Linux 6 | |||
kernel-0:2.6.32-431.1.2.el6 | cpe:/o:redhat:enterprise_linux:6 | RHSA-2013:1801 | 2013-12-12T00:00:00Z |
Red Hat Enterprise Linux 6.4 Extended Update Support | |||
kernel-0:2.6.32-358.37.1.el6 | cpe:/o:redhat:rhel_eus:6.4 | RHSA-2014:0284 | 2014-03-11T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-12-14T18:00:00
Updated: 2024-08-06T17:39:01.095Z
Reserved: 2013-11-04T00:00:00
Link: CVE-2013-6368
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-12-14T18:08:45.653
Modified: 2024-11-21T01:59:05.217
Link: CVE-2013-6368
Redhat