CVE-2013-6885

MEDIUM

Description

The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.

References

http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

http://openwall.com/lists/oss-security/2013/11/28/1

http://rhn.redhat.com/errata/RHSA-2014-0285.html

http://secunia.com/advisories/55840

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

http://www.debian.org/security/2015/dsa-3128

http://www.openwall.com/lists/oss-security/2013/12/02/1

http://www.securityfocus.com/bid/63983

http://www.securitytracker.com/id/1029415

http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924

https://bugzilla.redhat.com/show_bug.cgi?id=1035823

https://exchange.xforce.ibmcloud.com/vulnerabilities/89335

Details

Source: MITRE

Published: 2013-11-29

Updated: 2017-12-16

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
84140OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)NessusOracleVM Local Security Checks
high
83617SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0470-1)NessusSuSE Local Security Checks
medium
83616SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)NessusSuSE Local Security Checks
high
83614SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0411-1)NessusSuSE Local Security Checks
medium
83613SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)NessusSuSE Local Security Checks
high
82138Debian DLA-155-1 : linux-2.6 security updateNessusDebian Local Security Checks
critical
80558Debian DSA-3128-1 : linux - security updateNessusDebian Local Security Checks
high
79528OracleVM 2.2 : xen (OVMSA-2013-0092)NessusOracleVM Local Security Checks
medium
79527OracleVM 3.1 : xen (OVMSA-2013-0091)NessusOracleVM Local Security Checks
medium
79526OracleVM 3.2 : xen (OVMSA-2013-0090)NessusOracleVM Local Security Checks
medium
76544GLSA-201407-03 : Xen: Multiple VunlerabilitiesNessusGentoo Local Security Checks
high
75364openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)NessusSuSE Local Security Checks
critical
75363openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)NessusSuSE Local Security Checks
critical
75313openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)NessusSuSE Local Security Checks
medium
75312openSUSE Security Update : xen (openSUSE-SU-2014:0483-1)NessusSuSE Local Security Checks
high
74101Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)NessusOracle Linux Local Security Checks
critical
73554SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105)NessusSuSE Local Security Checks
medium
73244SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051)NessusSuSE Local Security Checks
medium
73015SuSE 11.3 Security Update : Xen (SAT Patch Number 8973)NessusSuSE Local Security Checks
high
73012Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)NessusScientific Linux Local Security Checks
medium
73007Oracle Linux 5 : kernel (ELSA-2014-0285)NessusOracle Linux Local Security Checks
medium
73006Oracle Linux 5 : kernel (ELSA-2014-0285-1)NessusOracle Linux Local Security Checks
medium
72986CentOS 5 : kernel (CESA-2014:0285)NessusCentOS Local Security Checks
medium
72975RHEL 5 : kernel (RHSA-2014:0285)NessusRed Hat Local Security Checks
medium
71478Fedora 19 : xen-4.2.3-11.fc19 (2013-22888)NessusFedora Local Security Checks
medium
71477Fedora 18 : xen-4.2.3-11.fc18 (2013-22866)NessusFedora Local Security Checks
medium
71422Fedora 20 : xen-4.3.1-5.fc20 (2013-22754)NessusFedora Local Security Checks
medium