CVE-2013-5634 - OpenCVE

arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:H/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:::::::arm64:*
	cpe:2.3:o:linux:linux_kernel:3.9.0::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.1::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.2::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.3::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.4::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.5::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.6::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.7::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.8::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.9::::::arm64:
	cpe:2.3:o:linux:linux_kernel:3.9.10::::::arm64:

No data.

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e8180dcaa8470ceca21109f143876fdcd9fe050a
http://www.openwall.com/lists/oss-security/2013/08/26/4
http://www.securityfocus.com/bid/61995
https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-25T10:00:00

Updated: 2024-08-06T17:15:21.541Z

Reserved: 2013-08-26T00:00:00

Link: CVE-2013-5634

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-09-25T10:31:29.330

Modified: 2023-02-13T04:49:03.973

Link: CVE-2013-5634

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-26T00:00:00", "descriptions": [{"lang": "en", "value": "arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-07T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "61995", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/61995"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a"}, {"name": "[oss-security] 20130826 Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/08/26/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e8180dcaa8470ceca21109f143876fdcd9fe050a"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:15:21.541Z"}, "title": "CVE Program Container", "references": [{"name": "61995", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/61995"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a"}, {"name": "[oss-security] 20130826 Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/08/26/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e8180dcaa8470ceca21109f143876fdcd9fe050a"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-5634", "datePublished": "2013-09-25T10:00:00", "dateReserved": "2013-08-26T00:00:00", "dateUpdated": "2024-08-06T17:15:21.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:arm64:*", "matchCriteriaId": "7EB94BEB-9A72-41A5-8B5B-1D2211413B28", "versionEndIncluding": "3.9.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.0:*:*:*:*:*:arm64:*", "matchCriteriaId": "59E39242-8051-4018-82BC-F7F2C52749E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.1:*:*:*:*:*:arm64:*", "matchCriteriaId": "EDAADF21-6FBC-4AE4-88E6-912E2EF367E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.2:*:*:*:*:*:arm64:*", "matchCriteriaId": "D4A5AB12-E57A-4D49-93EF-1BE2AC1A0FF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.3:*:*:*:*:*:arm64:*", "matchCriteriaId": "BD62DFE5-690C-4972-AA2E-B01BB7A9E16D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.4:*:*:*:*:*:arm64:*", "matchCriteriaId": "EF771D87-8608-4243-872D-2C735625B097", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.5:*:*:*:*:*:arm64:*", "matchCriteriaId": "F4442A5E-66A5-406F-AC9A-A37175D5A01B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.6:*:*:*:*:*:arm64:*", "matchCriteriaId": "667ED70A-AC2A-4060-86EF-71A71A85E514", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.7:*:*:*:*:*:arm64:*", "matchCriteriaId": "A002A628-663C-4923-8E03-F6EAF4878449", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.8:*:*:*:*:*:arm64:*", "matchCriteriaId": "880C2DC8-C9A7-4935-BCF1-0F0D62785067", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.9:*:*:*:*:*:arm64:*", "matchCriteriaId": "F98FBE36-A39B-4C1F-BC51-A0BCC8690708", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.9.10:*:*:*:*:*:arm64:*", "matchCriteriaId": "218E5271-9206-4D69-8C39-1CE4AB067FDD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call."}, {"lang": "es", "value": "arch/arm/kvm/arm.c en el kernel de Linux anterior a v3.10 en la plataforma ARM, cuando KVM es utilizado, permite a los usuarios del sistema operativo anfitri\u00f3n provocar una denegaci\u00f3n de servicio (referencia a puntero nulo, OOPS y ca\u00edda del sistema operativo invitado) o posiblemente tener otro impacto no especificado mediante la omisi\u00f3n de la inicializaci\u00f3n vCPU anterior a la llamada KVM_GET_REG_LIST ioctl."}], "id": "CVE-2013-5634", "lastModified": "2023-02-13T04:49:03.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:H/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 2.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-09-25T10:31:29.330", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e8180dcaa8470ceca21109f143876fdcd9fe050a"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/08/26/4"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/61995"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}