Executive Summary

Information
Name: CVE-2013-4592
First vendor Publication: 2013-11-20
Vendor: Cve
Last vendor Modification: 2014-03-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:C)
Cvss Base Score: 4
Attack Range: Local
Cvss Impact Score: 6.9
Attack Complexity: High
Cvss Exploit Score: 1.9
Authentication: None Required

Detail

Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4592

CWE : Common Weakness Enumeration

%      id       Name
100 %  CWE-399  Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26083
 
Oval ID: oval:org.mitre.oval:def:26083
Title: RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)
Description: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6.
Family: unix Class: patch
Reference(s): RHSA-2013:1645-02
CESA-2013:1645
CVE-2012-6542
CVE-2012-6545
CVE-2013-0343
CVE-2013-1928
CVE-2013-1929
CVE-2013-2164
CVE-2013-2234
CVE-2013-2851
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-3231
CVE-2013-4345
CVE-2013-4387
CVE-2013-4591
CVE-2013-4592
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27431
 
Oval ID: oval:org.mitre.oval:def:27431
Title: ELSA-2013-2584 -- Unbreakable Enterprise Kernel security update (important)
Description: [2.6.39-400.211.2]
- fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928}
- Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545}
- Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545}
- llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231}
- HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892}
- HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889}
- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889}
- KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592}
- ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345}
- HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888}
- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343}
- ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387}
Family: unix Class: patch
Reference(s): ELSA-2013-2584
CVE-2012-6545
CVE-2013-3231
CVE-2013-0343
CVE-2013-4345
CVE-2013-1928
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-4387
CVE-2013-4592
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27338
 
Oval ID: oval:org.mitre.oval:def:27338
Title: ELSA-2013-2583 -- Unbreakable Enterprise Kernel security update (important)
Description: [3.8.13-16.2.2.el6uek]
- HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892}
- HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}
- HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889}
- KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592}
- ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345}
- HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888}
- ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343}
- ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}
Family: unix Class: patch
Reference(s): ELSA-2013-2583
CVE-2013-0343
CVE-2013-4345
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-4387
CVE-2013-4592
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
dtrace-modules-3.8.13-16.2.2.el6uek-provider-headers
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27264
 
Oval ID: oval:org.mitre.oval:def:27264
Title: ELSA-2013-1645 -- Oracle Linux 6 kernel update (important)
Description: [2.6.32-431] - [md] Disabling of TRIM on RAID5 for RHEL6.5 was too aggressive (Jes Sorensen) [1028426]
Family: unix Class: patch
Reference(s): ELSA-2013-1645
CVE-2012-6542
CVE-2013-1929
CVE-2012-6545
CVE-2013-3231
CVE-2013-2164
CVE-2013-2234
CVE-2013-2851
CVE-2013-0343
CVE-2013-4345
CVE-2013-1928
CVE-2013-2888
CVE-2013-2889
CVE-2013-2892
CVE-2013-4387
CVE-2013-4591
CVE-2013-4592
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Os1826

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0140-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2111-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2112-1.nasl - Type : ACT_GATHER_INFO
2014-02-19 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2114-1.nasl - Type : ACT_GATHER_INFO
2014-02-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3002.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO
2014-01-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140116.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2066-1.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-291.nasl - Type : ACT_GATHER_INFO
2013-12-17 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2583.nasl - Type : ACT_GATHER_INFO
2013-11-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2584.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1645.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1645.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1...
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e...
https://bugzilla.redhat.com/show_bug.cgi?id=1031702
https://github.com/torvalds/linux/commit/12d6e7538e2d418c08f082b1b44ffa5fb727...
https://github.com/torvalds/linux/commit/e40f193f5bb022e927a57a4f5d5194e4f12d...
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2
MLIST http://www.openwall.com/lists/oss-security/2013/11/18/3
REDHAT http://rhn.redhat.com/errata/RHSA-2013-1645.html
SUSE http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
UBUNTU http://www.ubuntu.com/usn/USN-2066-1
http://www.ubuntu.com/usn/USN-2067-1
http://www.ubuntu.com/usn/USN-2111-1
http://www.ubuntu.com/usn/USN-2112-1
http://www.ubuntu.com/usn/USN-2114-1
http://www.ubuntu.com/usn/USN-2115-1
http://www.ubuntu.com/usn/USN-2116-1

Alert History

Date Information
2019-01-25 12:05:43
  • Multiple Updates
2018-11-17 12:04:15
  • Multiple Updates
2018-10-30 12:06:14
  • Multiple Updates
2018-08-09 12:02:20
  • Multiple Updates
2018-04-25 12:05:08
  • Multiple Updates
2017-04-04 13:20:39
  • Multiple Updates
2016-06-30 21:36:32
  • Multiple Updates
2016-06-28 22:24:11
  • Multiple Updates
2016-06-28 19:40:38
  • Multiple Updates
2016-04-26 23:34:54
  • Multiple Updates
2015-05-21 13:30:52
  • Multiple Updates
2014-11-13 13:26:55
  • Multiple Updates
2014-11-08 13:31:10
  • Multiple Updates
2014-03-06 13:22:53
  • Multiple Updates
2014-02-20 13:21:14
  • Multiple Updates
2014-02-17 11:22:27
  • Multiple Updates
2014-01-08 13:20:00
  • Multiple Updates
2014-01-04 13:19:39
  • Multiple Updates
2013-11-26 09:21:25
  • Multiple Updates
2013-11-20 17:19:52
  • First insertion