CVE-2013-1798
Description
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.251
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (0065-1) git_2.7.4-0ubuntu1.8_i386.deb | Linux |
| Linux kernel (0065-1) git_2.7.4-0ubuntu1.8_amd64.deb | Linux |
| Linux kernel (0065-1) git_2.17.1-1ubuntu0.6_i386.deb | Linux |
| Linux kernel (0065-1) git_2.17.1-1ubuntu0.6_amd64.deb | Linux |
| Linux kernel (0065-1) git_2.20.1-2ubuntu1.19.10.2_i386.deb | Linux |
| Linux kernel (0065-1) git_2.20.1-2ubuntu1.19.10.2_amd64.deb | Linux |
| Kernel-uek update (ELSA-2020-5914) kernel-uek-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug update (ELSA-2020-5914) kernel-uek-debug-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | Linux |
| Kernel-uek-debug-devel update (ELSA-2020-5914) kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | Linux |
| Kernel-uek-devel update (ELSA-2020-5914) kernel-uek-devel-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | Linux |
| Kernel-uek-doc update (ELSA-2020-5914) kernel-uek-doc-5.4.17-2036.100.6.1.el8uek.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234