PT-2011-5208 · Systemtap+7 · Systemtap-Debuginfo+21

Andrew Honig

·

Published

1970-01-01

·

Updated

2023-02-13

·

CVE-2013-1796

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.8.4 systemtap-runtime-debuginfo (affected versions not specified) systemtap-sdt-devel (affected versions not specified) systemtap (affected versions not specified) libvmtools0 (affected versions not specified) systemtap-client (affected versions not specified) systemtap-client-debuginfo (affected versions not specified) kernel-vanilla-base-debuginfo (affected versions not specified) systemtap-server-debuginfo (affected versions not specified) libvmtools0-debuginfo (affected versions not specified) systemtap-runtime (affected versions not specified) kernel-vanilla-base (affected versions not specified) systemtap-server (affected versions not specified) systemtap-debuginfo (affected versions not specified) systemtap-debugsource (affected versions not specified) libvmtools-devel (affected versions not specified)
Description The issue involves multiple vulnerabilities in various packages of the openSUSE and Debian GNU/Linux operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely or locally, depending on the specific package affected. In the case of the Linux kernel, a vulnerability in the kvm set msr common function in arch/x86/kvm/x86.c allows guest OS users to cause a denial of service, including buffer overflow and host OS memory corruption, or possibly have unspecified other impact via a crafted application.
Recommendations For Linux kernel versions prior to 3.8.4, update to a version 3.8.4 or later to resolve the issue. For systemtap-runtime-debuginfo, systemtap-sdt-devel, systemtap, libvmtools0, systemtap-client, systemtap-client-debuginfo, kernel-vanilla-base-debuginfo, systemtap-server-debuginfo, libvmtools0-debuginfo, systemtap-runtime, kernel-vanilla-base, systemtap-server, systemtap-debuginfo, systemtap-debugsource, and libvmtools-devel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Information Disclosure

Weakness Enumeration

CWE-189CWE-119CWE-200

Related Identifiers

ALT-PU-2013-1178
BDU:2015-03064
BDU:2015-05303
BDU:2015-05304
BDU:2015-05305
BDU:2015-05306
BDU:2015-05307
BDU:2015-05308
BDU:2015-05309
BDU:2015-05310
BDU:2015-05311
BDU:2015-05312
BDU:2015-05313
BDU:2015-05314
BDU:2015-05315
BDU:2015-05542
BDU:2015-05543
CESA-2013_0744
CVE-2013-1796
DSA-2668-1
DSA-2669-1
OPENSUSE-SU-2013_0847-1
OPENSUSE-SU-2013_0925-1
OPENSUSE-SU-2013_1187-1
RHSA-2013:0727
RHSA-2013:0744
RHSA-2013:0746
RHSA-2013:0928
RHSA-2013:1026
RHSA-2013_0727
RHSA-2013_0744
SUSE-SU-2015:0481-1
SUSE-SU-2015:0652-1
USN-1805-1
USN-1808-1
USN-1809-1
USN-1812-1
USN-1813-1

Affected Products

Alt Linux
Centos
Debian
Linux Kernel
Red Hat
Suse
Kernel-Vanilla-Base
Kernel-Vanilla-Base-Debuginfo
Libvmtools-Devel
Libvmtools0
Libvmtools0-Debuginfo
Opensuse
Systemtap
Systemtap-Client
Systemtap-Client-Debuginfo
Systemtap-Debuginfo
Systemtap-Debugsource
Systemtap-Runtime
Systemtap-Runtime-Debuginfo
Systemtap-Sdt-Devel
Systemtap-Server
Systemtap-Server-Debuginfo