7.2

CVE-2013-4587

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.54
LinuxLinux Kernel Version >= 3.3 < 3.4.75
LinuxLinux Kernel Version >= 3.5 < 3.10.25
LinuxLinux Kernel Version >= 3.11 < 3.12.6
OpensuseOpensuse Version11.4
OpensuseOpensuse Version12.3
OpensuseOpensuse Version13.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.405
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.ubuntu.com/usn/USN-2128-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2129-1
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html
Third Party Advisory
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54
VDB Entry
Mailing List
http://www.ubuntu.com/usn/USN-2109-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2110-1
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
Third Party Advisory
http://www.ubuntu.com/usn/USN-2113-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2117-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2135-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2136-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2138-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2139-1
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2141-1
Third Party Advisory
VDB Entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96
Broken Link
http://www.openwall.com/lists/oss-security/2013/12/12/12
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1030986
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96
Patch