CVE-2013-4587

CVSS v2.0 7.2 (High)

EPSS 0.06 % (24^th)

Affected Products 2

Advisories 71

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-12-14 18:08:45
(10 years ago)
Updated Date: 2024-02-01 01:40:39
(7 months ago)

Affected Products

Linux

Linux Kernel

Opensuse

Opensuse

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 3.2.54 version	cpe:2.3:o:linux:linux_kernel		< 3.2.54
Linux Kernel from 3.3 version and prior 3.4.75 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.75
Linux Kernel from 3.5 version and prior 3.10.25 version	cpe:2.3:o:linux:linux_kernel	>= 3.5	< 3.10.25
Linux Kernel from 3.11 version and prior 3.12.6 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.6

Configuration #2

		CPE23	From	Up To
	Opensuse 11.4	cpe:2.3:o:opensuse:opensuse:11.4
	Opensuse 12.3	cpe:2.3:o:opensuse:opensuse:12.3
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1