CVE-2013-5634
Linux Kernel < 3.10 - Denial of Service via KVM_GET_REG_LIST ioctl Call
Title source: llm
Description
arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call.
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/61995
Exploit, Patch (x_refsource_confirm)
https://github.com/torvalds/linux/commit/e8180dcaa8470ceca21109f143876fdcd9fe050a
Mailing List (mailing-list, x_refsource_mlist)
http://www.openwall.com/lists/oss-security/2013/08/26/4
Patch (x_refsource_confirm)
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2
Scores
EPSS: 0.0076
EPSS Percentile: 50.6%
Details
CWE: CWE-399
Status: published
Products (12)
linux/linux_kernel 3.9.0
linux/linux_kernel 3.9.1
linux/linux_kernel 3.9.2
linux/linux_kernel 3.9.3
linux/linux_kernel 3.9.4
linux/linux_kernel 3.9.5
linux/linux_kernel 3.9.6
linux/linux_kernel 3.9.7
linux/linux_kernel 3.9.8
linux/linux_kernel 3.9.9
... and 2 more
Published: Sep 25, 2013
Tracked Since: Feb 18, 2026