CVE-2013-0190

medium

Description

The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.

References

http://rhn.redhat.com/errata/RHSA-2013-0496.html

http://www.openwall.com/lists/oss-security/2013/01/16/6

http://www.openwall.com/lists/oss-security/2013/01/16/8

http://www.securityfocus.com/bid/57433

http://www.ubuntu.com/usn/USN-1725-1

http://www.ubuntu.com/usn/USN-1728-1

https://bugzilla.redhat.com/show_bug.cgi?id=896038

Details

Source: MITRE

Published: 2013-02-13

Updated: 2013-03-08

Type: CWE-20

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 2.6.23 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79501 | OracleVM 3.2 : kernel-uek (OVMSA-2013-0015) | Nessus | OracleVM Local Security Checks | medium |
| 79499 | OracleVM 3.1 : kernel-uek (OVMSA-2013-0010) | Nessus | OracleVM Local Security Checks | medium |
| 79497 | OracleVM 3.2 : kernel-uek (OVMSA-2013-0008) | Nessus | OracleVM Local Security Checks | medium |
| 69713 | Amazon Linux AMI : kernel / nvidia (ALAS-2013-154) | Nessus | Amazon Linux Local Security Checks | medium |
| 68855 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2525) | Nessus | Oracle Linux Local Security Checks | high |
| 68847 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2507) | Nessus | Oracle Linux Local Security Checks | high |
| 68846 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2504) | Nessus | Oracle Linux Local Security Checks | medium |
| 68845 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2503) | Nessus | Oracle Linux Local Security Checks | medium |
| 68739 | Oracle Linux 6 : Oracle / Linux / 6 / kernel (ELSA-2013-0496) | Nessus | Oracle Linux Local Security Checks | medium |
| 65611 | Ubuntu 12.10 : linux vulnerabilities (USN-1769-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65610 | Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1768-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65609 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-1767-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65171 | RHEL 6 : kernel (RHSA-2013:0496) | Nessus | Red Hat Local Security Checks | medium |
| 65134 | CentOS 6 : kernel (CESA-2013:0496) | Nessus | CentOS Local Security Checks | medium |
| 64681 | Ubuntu 10.04 LTS : linux-ec2 vulnerability (USN-1728-1) | Nessus | Ubuntu Local Security Checks | medium |
| 64640 | Ubuntu 10.04 LTS : linux vulnerability (USN-1725-1) | Nessus | Ubuntu Local Security Checks | medium |
| 64618 | Ubuntu 11.10 : linux vulnerabilities (USN-1720-1) | Nessus | Ubuntu Local Security Checks | medium |
| 64617 | Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1719-1) | Nessus | Ubuntu Local Security Checks | medium |
| 64088 | Fedora 17 : kernel-3.7.3-101.fc17 (2013-1025) | Nessus | Fedora Local Security Checks | medium |
| 63625 | Fedora 18 : kernel-3.7.2-204.fc18 (2013-0952) | Nessus | Fedora Local Security Checks | medium |
| 801535 | CentOS RHSA-2013-0496 Security Check | Log Correlation Engine | Generic | high |