Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871007
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2013:0911-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way KVM (Kernel-based Virtual Machine)
initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)
indication flag when entering the guest. An unprivileged guest user could
potentially use this flaw to crash the host. (CVE-2013-1935, Important)

* A missing sanity check was found in the kvm_set_memory_region() function
in KVM, allowing a user-space process to register memory regions pointing
to the kernel address space. A local, unprivileged user could use this flaw
to escalate their privileges. (CVE-2013-1943, Important)

* A double free flaw was found in the Linux kernel's Virtual Ethernet
Tunnel driver (veth). A remote attacker could possibly use this flaw to
crash a target system. (CVE-2013-2017, Moderate)

Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and
Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.
The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.

This update also fixes several bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add this enhancement. The system must
be rebooted for this update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-1935
RedHat Security Advisories: RHSA-2013:0907
https://rhn.redhat.com/errata/RHSA-2013-0907.html
RedHat Security Advisories: RHSA-2013:0911
http://rhn.redhat.com/errata/RHSA-2013-0911.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-1943
http://www.ubuntu.com/usn/USN-1939-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2017
http://www.openwall.com/lists/oss-security/2013/04/29/10
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.