7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.019 Low
EPSS
Percentile
88.6%
CentOS Errata and Security Advisory CESA-2013:0744
Security:
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the Intel i915 driver in the Linux kernel handled the
allocation of the buffer used for relocation copies. A local user with
console access could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2013-0913, Important)
A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel’s
FAT file system implementation. A local user able to mount a FAT file
system with the “utf8=1” option could use this flaw to crash the system or,
potentially, to escalate their privileges. (CVE-2013-1773, Important)
A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine
state register (MSR) crossed a page boundary. A privileged guest user could
use this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796, Important)
A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797, Important)
A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798, Important)
A race condition in install_user_keyrings(), leading to a NULL pointer
dereference, was found in the key management facility. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-1792, Moderate)
A NULL pointer dereference in the XFRM implementation could allow a local
user who has the CAP_NET_ADMIN capability to cause a denial of service.
(CVE-2013-1826, Moderate)
A NULL pointer dereference in the Datagram Congestion Control Protocol
(DCCP) implementation could allow a local user to cause a denial of
service. (CVE-2013-1827, Moderate)
Information leak flaws in the XFRM implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2012-6537, Low)
Two information leak flaws in the Asynchronous Transfer Mode (ATM)
subsystem could allow a local, unprivileged user to leak kernel stack
memory to user-space. (CVE-2012-6546, Low)
An information leak was found in the TUN/TAP device driver in the
networking implementation. A local user with access to a TUN/TAP virtual
interface could use this flaw to leak kernel stack memory to user-space.
(CVE-2012-6547, Low)
An information leak in the Bluetooth implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2013-0349, Low)
A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)
A NULL pointer dereference was found in the Linux kernel’s USB Inside Out
Edgeport Serial Driver implementation. An attacker with physical access to
a system could use this flaw to cause a denial of service. (CVE-2013-1774,
Low)
Red Hat would like to thank Andrew Honig of Google for reporting
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was
discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2013-April/081863.html
Affected packages:
kernel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2013:0744
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | kernel | < 2.6.32-358.6.1.el6 | kernel-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-debug | < 2.6.32-358.6.1.el6 | kernel-debug-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-debug-devel | < 2.6.32-358.6.1.el6 | kernel-debug-devel-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | i686 | kernel-devel | < 2.6.32-358.6.1.el6 | kernel-devel-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | noarch | kernel-doc | < 2.6.32-358.6.1.el6 | kernel-doc-2.6.32-358.6.1.el6.noarch.rpm |
CentOS | 6 | noarch | kernel-firmware | < 2.6.32-358.6.1.el6 | kernel-firmware-2.6.32-358.6.1.el6.noarch.rpm |
CentOS | 6 | i686 | kernel-headers | < 2.6.32-358.6.1.el6 | kernel-headers-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | i686 | perf | < 2.6.32-358.6.1.el6 | perf-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | i686 | python-perf | < 2.6.32-358.6.1.el6 | python-perf-2.6.32-358.6.1.el6.i686.rpm |
CentOS | 6 | x86_64 | kernel | < 2.6.32-358.6.1.el6 | kernel-2.6.32-358.6.1.el6.x86_64.rpm |