| Revision Date: | 2013-07-16 | Version: | 1 | | Title: | CVE-2013-1935 on Ubuntu 12.04 LTS (precise) - medium. | | Description: | A certain Red Hat patch to the KVM subsystem in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly implement the PV EOI feature, which allows guest OS users to cause a denial of service (host OS crash) by leveraging a time window during which interrupts are disabled but copy_to_user function calls are possible. pv_eoi_put_user called by pv_eoi_set_pending in lapic.c can cause a schedule but is called from with preempt_disable() and local_irq_disable() This lets a local attacker cause a schedule while atomic, denial of service. It is hard to exploit.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2013-1935
| | Platform(s): | Ubuntu 12.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 12.04 LTS (precise) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in precise is not affected.
OR NOT While related to the CVE in some way, the 'linux-armadaxp' package in precise is not affected.
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-lts-quantal' package in precise is not affected (note: '3.5.0-18.29~precise1').
OR NOT While related to the CVE in some way, the 'linux-lts-raring' package in precise is not affected (note: '3.8.0-19.30~precise1').
OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
OR NOT While related to the CVE in some way, the 'linux-ti-omap4' package in precise is not affected.
|
|