First published: Fri Mar 01 2013
Description of the problem: There is a potential use-after-free issue with the handling of MSR_KVM_SYSTEM_TIME. If the guest specifies a GPA in movable or removable memory, such as frame buffers, then KVM might continue to write to that address even after it is removed via KVM_SET_USER_MEMORY_REGION. KVM pins the page in memory, so it is unlikely to cause an issue, but if the user space component re-purposes the memory previously used for the guest, then the guest will be able to corrupt that memory.

Acknowledgements: Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <=3.8.4 | |
Linux Kernel | =3.8.0 | |
Linux Kernel | =3.8.1 | |
Linux Kernel | =3.8.2 | |
Linux Kernel | =3.8.3 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
CVE-2013-1797 is classified as a high-severity vulnerability due to its potential for exploitation in KVM environments.
To fix CVE-2013-1797, update your Linux kernel to a version greater than 3.8.4 or apply the relevant patches.
CVE-2013-1797 affects Linux kernel versions prior to 3.8.4, including 3.8.0, 3.8.1, 3.8.2, and 3.8.3.
CVE-2013-1797 has the potential for exploitation in a virtualized environment, which may allow for remote attacks.
CVE-2013-1797 primarily impacts systems using KVM virtualization on affected Linux kernel versions.