CVE-2013-1797
Publication date 18 March 2013
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
From the Ubuntu Security Team
Andrew Honig discovered a use after free error in guest OS time updates in the Linux kernel's KVM (Kernel-based Virtual Machine). A privileged guest user could exploit this flaw to escalate privilege to the host kernel level.
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
14.04 LTS trusty |
Not affected
|
|
linux-armadaxp | ||
14.04 LTS trusty | Not in release | |
linux-ec2 | ||
14.04 LTS trusty | Not in release | |
linux-flo | ||
14.04 LTS trusty | Not in release | |
linux-fsl-imx51 | ||
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
14.04 LTS trusty | Ignored end of life, was needed | |
linux-grouper | ||
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
14.04 LTS trusty | Not in release | |
linux-lts-backport-maverick | ||
14.04 LTS trusty | Not in release | |
linux-lts-backport-oneiric | ||
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
14.04 LTS trusty | Not in release | |
linux-lts-vivid | ||
14.04 LTS trusty | Not in release | |
linux-maguro | ||
14.04 LTS trusty | Not in release | |
linux-mako | ||
14.04 LTS trusty | Not in release | |
linux-manta | ||
14.04 LTS trusty | Not in release | |
linux-mvl-dove | ||
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
14.04 LTS trusty | Not in release | |
Notes
References
Related Ubuntu Security Notices (USN)
- USN-1812-1
- Linux kernel (Quantal HWE) vulnerabilities
- 1 May 2013
- USN-1809-1
- Linux kernel vulnerabilities
- 1 May 2013
- USN-1813-1
- Linux kernel vulnerabilities
- 2 May 2013
- USN-1811-1
- Linux kernel (OMAP4) vulnerabilities
- 1 May 2013