CVE-2013-1798 on Ubuntu 12.04 LTS (precise) - medium.
Description:
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. Andrew Honig reported a flaw in the way KVM (Kernel-based Virtual Machine) emulated the IOAPIC. A privileged guest user could exploit this flaw to read host memory or cause a denial of service (crash the host).