CVE-2013-6885

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.

References

http://lists.dragonflybsd.org/pipermail/kernel/2011-December/046594.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123553.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124195.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124199.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html

http://openwall.com/lists/oss-security/2013/11/28/1

http://rhn.redhat.com/errata/RHSA-2014-0285.html

http://secunia.com/advisories/55840

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf

http://www.debian.org/security/2015/dsa-3128

http://www.openwall.com/lists/oss-security/2013/12/02/1

http://www.securityfocus.com/bid/63983

http://www.securitytracker.com/id/1029415

http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924

https://bugzilla.redhat.com/show_bug.cgi?id=1035823

https://exchange.xforce.ibmcloud.com/vulnerabilities/89335

Details

Source: MITRE

Published: 2013-11-29

Updated: 2017-12-16

Type: CWE-399

Risk Information

CVSS v2

Base Score: 4.7

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
84140OracleVM 3.2 : xen (OVMSA-2015-0068) (POODLE) (Venom)NessusOracleVM Local Security Checks
low
83617SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0470-1)NessusSuSE Local Security Checks
medium
83616SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0446-1)NessusSuSE Local Security Checks
high
83614SUSE SLES10 Security Update : Xen (SUSE-SU-2014:0411-1)NessusSuSE Local Security Checks
medium
83613SUSE SLES11 Security Update : Xen (SUSE-SU-2014:0372-1)NessusSuSE Local Security Checks
high
82138Debian DLA-155-1 : linux-2.6 security updateNessusDebian Local Security Checks
critical
80558Debian DSA-3128-1 : linux - security updateNessusDebian Local Security Checks
high
79528OracleVM 2.2 : xen (OVMSA-2013-0092)NessusOracleVM Local Security Checks
medium
79527OracleVM 3.1 : xen (OVMSA-2013-0091)NessusOracleVM Local Security Checks
medium
79526OracleVM 3.2 : xen (OVMSA-2013-0090)NessusOracleVM Local Security Checks
medium
76544GLSA-201407-03 : Xen: Multiple VunlerabilitiesNessusGentoo Local Security Checks
high
75364openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)NessusSuSE Local Security Checks
high
75363openSUSE Security Update : kernel (openSUSE-SU-2014:0678-1)NessusSuSE Local Security Checks
critical
75313openSUSE Security Update : xen (openSUSE-SU-2014:0482-1)NessusSuSE Local Security Checks
medium
75312openSUSE Security Update : xen (openSUSE-SU-2014:0483-1)NessusSuSE Local Security Checks
high
74101Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)NessusOracle Linux Local Security Checks
critical
73554SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9102 / 9104 / 9105)NessusSuSE Local Security Checks
medium
73244SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 9047 / 9050 / 9051)NessusSuSE Local Security Checks
medium
73015SuSE 11.3 Security Update : Xen (SAT Patch Number 8973)NessusSuSE Local Security Checks
high
73012Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)NessusScientific Linux Local Security Checks
medium
73007Oracle Linux 5 : kernel (ELSA-2014-0285)NessusOracle Linux Local Security Checks
medium
73006Oracle Linux 5 : kernel (ELSA-2014-0285-1)NessusOracle Linux Local Security Checks
medium
72986CentOS 5 : kernel (CESA-2014:0285)NessusCentOS Local Security Checks
medium
72975RHEL 5 : kernel (RHSA-2014:0285)NessusRed Hat Local Security Checks
medium
71478Fedora 19 : xen-4.2.3-11.fc19 (2013-22888)NessusFedora Local Security Checks
medium
71477Fedora 18 : xen-4.2.3-11.fc18 (2013-22866)NessusFedora Local Security Checks
medium
71422Fedora 20 : xen-4.3.1-5.fc20 (2013-22754)NessusFedora Local Security Checks
medium