Oval Definition:	oval:com.ubuntu.trusty:def:20131797000
Revision Date: 2013-03-22 Version: 1 Title: CVE-2013-1797 on Ubuntu 14.04 LTS (trusty) - medium. Description: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level. Family: unix Class: vulnerability Status: Reference(s): CVE-2013-1797 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'linux' package in trusty is not affected (note: '3.11.0-12.19'). OR NOT While related to the CVE in some way, the 'linux-flo' package in trusty is not affected (note: 'kvm specific issue'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was needed now end-of-life'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'see note'). OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected (note: '3.16.0-25.33~14.04.2'). OR NOT While related to the CVE in some way, the 'linux-lts-vivid' package in trusty is not affected (note: '3.19.0-18.18~14.04.1'). OR While related to the CVE in some way, a decision has been made to ignore it (note: 'see note'). OR NOT While related to the CVE in some way, the 'linux-mako' package in trusty is not affected (note: 'kvm specific issue'). OR NOT While related to the CVE in some way, the 'linux-manta' package in trusty is not affected (note: 'kvm specific issue').
BACK