Summary: | Kernel : Multiple vulnerabilities (CVE-2013-{0309,0310,0311}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | kernel |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-02-20 09:02:45 UTC
CVE-2013-0311 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0311): The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. CVE-2013-0310 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0310): The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. CVE-2013-0309 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0309): arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial of service (system crash) via a crafted application. There are no longer any 2.x or <3.7 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security. |