PT-2013-3478 · Linux+2 · Kvm+2

Published

2013-06-10

Updated

2019-04-22

CVE-2013-1935

CVSS v2.0

5.7

Medium

Vector

AV:A/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6

Description The issue is related to a certain Red Hat patch to the KVM subsystem in the kernel package, which does not properly implement the PV EOI feature. This allows guest OS users to cause a denial of service by leveraging a time window during which interrupts are disabled but copy to user function calls are possible, resulting in a host OS crash.

Recommendations For Red Hat Enterprise Linux (RHEL) 6 kernel package versions prior to 2.6.32-358.11.1.el6, update to version 2.6.32-358.11.1.el6 or later to resolve the issue.

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CESA-2013_0911

CVE-2013-1935

RHSA-2013:0907

RHSA-2013:0911

RHSA-2013_0911

Affected Products

Centos

Kvm

Red Hat

PT-2013-3478 · Linux+2 · Kvm+2

CVE-2013-1935

Weakness Enumeration

Related Identifiers

Affected Products

References · 19