Vulnerability Name: CVE-2010-5313 (CCN-101316)

Assigned: 2014-09-24
Published: 2014-09-24
Updated: 2016-11-28
Summary: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.0 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-362
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2010-5313

Source: CONFIRM
Type: Patch, Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc3a9157d3148ab91039c75423da8ef97be3e105

Source: CCN
Type: Linux Kernel GIT Repository
KVM: X86: Don't report L2 emulation failures to user-space

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0652

Source: CONFIRM
Type: Vendor Advisory
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.38

Source: CCN
Type: RHSA-2016-0855
Moderate: kernel security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:0855

Source: MLIST
Type: Patch, Vendor Advisory
[oss-security] 20141113 CVE-2014-7842 Linux kernel: kvm: reporting emulation failures to userspace

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: BID
Type: UNKNOWN
71363

Source: CCN
Type: BID-71363
Linux Kernel CVE-2010-5313 Local Denial of Service Vulnerability

Source: CCN
Type: Red Hat Bugzilla – Bug 1163762
CVE-2010-5313 CVE-2014-7842 kernel: kvm: reporting emulation failures to userspace

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1163762

Source: XF
Type: UNKNOWN
linux-kernel-cve20105313-dos(101316)

Source: CONFIRM
Type: Patch, Vendor Advisory
https://github.com/torvalds/linux/commit/fc3a9157d3148ab91039c75423da8ef97be3e105

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2010-5313

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 2.6.37)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 10:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.37:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    OVAL Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20105313 | V | CVE-2010-5313 | 2023-02-11
    oval:org.opensuse.security:def:33079 | P | Security update for ImageMagick (Moderate) | 2021-02-19
    oval:org.opensuse.security:def:33022 | P | Security update for python3 (Important) | 2021-02-08
    oval:org.opensuse.security:def:33911 | P | Security update for dnsmasq (Important) | 2021-01-19
    oval:org.opensuse.security:def:33872 | P | Security update for python-setuptools (Important) | 2020-12-02
    oval:org.opensuse.security:def:28982 | P | Security update for tiff (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32628 | P | PolicyKit on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28394 | P | Security update for samba (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33234 | P | postgresql on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29085 | P | Security update for emacs (Important) | 2020-12-01
    oval:org.opensuse.security:def:32779 | P | qt3 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28473 | P | Security update for xorg-x11-server (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29141 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:28689 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:32404 | P | Security update for w3m (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29823 | P | Security update for java-1_6_0-ibm (Important) | 2020-12-01
    oval:org.opensuse.security:def:33128 | P | krb5 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28830 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:32493 | P | bzip2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28393 | P | Security update for samba (Important) | 2020-12-01
    oval:org.opensuse.security:def:33190 | P | libvirt on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29036 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:32722 | P | libopensc2 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28405 | P | Security update for sqlite3 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29124 | P | Security update for java-1_7_0-ibm (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:32866 | P | g3utils on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:28604 | P | Security update for vino | 2020-12-01
    oval:org.opensuse.security:def:32403 | P | Security update for vim (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29185 | P | Security update for mysql (Important) | 2020-12-01
    oval:org.opensuse.security:def:28746 | P | Security update for libjasper | 2020-12-01
    oval:org.opensuse.security:def:32415 | P | Security update for wireshark (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29859 | P | Security update for Linux kernel | 2020-12-01
    oval:org.opensuse.security:def:33167 | P | libnewt0_52 on GA media (Moderate) | 2020-12-01
    oval:com.redhat.rhsa:def:20160855 | P | RHSA-2016:0855: kernel security, bug fix, and enhancement update (Moderate) | 2016-05-10
    oval:com.redhat.rhsa:def:20152152 | P | RHSA-2015:2152: kernel security, bug fix, and enhancement update (Important) | 2015-11-19
    oval:com.ubuntu.precise:def:20105313000 | V | CVE-2010-5313 on Ubuntu 12.04 LTS (precise) - medium. | 2014-11-29
    oval:com.ubuntu.trusty:def:20105313000 | V | CVE-2010-5313 on Ubuntu 14.04 LTS (trusty) - medium. | 2014-11-29
    linux linux kernel *
    linux linux kernel 2.6.37
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    redhat enterprise linux server 6
    redhat enterprise linux workstation 6