CVE-2013-4587

{"id": "CVE-2013-4587", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-14T18:08:45.590", "references": [{"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2013/12/12/12", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2109-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2110-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2113-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2117-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2128-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2129-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2135-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2136-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2138-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2139-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2141-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030986", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", "tags": ["Mailing List", "VDB Entry"], "source": "[email protected]"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=338c7dbadd2671189cec7faf64c84d01071b3f96", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00002.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/12/12/12", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2109-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2110-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2113-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2117-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2128-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2129-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2135-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2136-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2138-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2139-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2141-1", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030986", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/torvalds/linux/commit/338c7dbadd2671189cec7faf64c84d01071b3f96", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.54", "tags": ["Mailing List", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value."}, {"lang": "es", "value": "Error de \u00edndice de array en la funci\u00f3n kvm_vm_ioctl_create_vcpu en virt/kvm/kvm_main.c en el subsistema de KVM en el kernel de Linux hasta la versi\u00f3n 3.12.5 que permite a usuarios locales conseguir privilegios a trav\u00e9s de un valor grande de id."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "331E4B5F-B942-476E-95A1-C1DABD2E35F3", "versionEndExcluding": "3.2.54"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E503EA34-7432-4DF4-880C-00AF31FCB9EB", "versionEndExcluding": "3.4.75", "versionStartIncluding": "3.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DF5075-34BB-489C-A410-753A4F6EA2BE", "versionEndExcluding": "3.10.25", "versionStartIncluding": "3.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81EE7BBD-B11B-4AEB-8E24-A18ACE179099", "versionEndExcluding": "3.12.6", "versionStartIncluding": "3.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}