Back to bug 1332139
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-05-02 11:04:39 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-05-02 11:04:39 UTC | Doc Type | --- | Bug Fix |
| Adam Mariš | 2016-05-02 11:07:44 UTC | Summary | EMBARGOED CVE-2016-3713 kernel-aarch64: Out-of-bounds access in msr_mtrr_valid | EMBARGOED CVE-2016-3713 kernel-aarch64: Out-of-bounds access in set_var_mtrr_msr |
| Adam Mariš | 2016-05-02 11:12:56 UTC | Blocks | 1332140 | |
| Adam Mariš | 2016-05-02 11:24:21 UTC | Whiteboard | impact=low,public=no,reported=20160429,source=researcher,cvss2=3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-125,rhel-7/kernel-aarch64=affected | impact=low,public=no,reported=20160429,source=researcher,cvss2=3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-125,rhel-7/kernel-aarch64=affected,rhel-5/kernel=new,rhel-5/kvm=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhelsa-7/arm-kernel=new,mrg-2/realtime-kernel=new,fedora-all/kernel=affected |
| Adam Mariš | 2016-05-02 11:24:41 UTC | CC | agordeev, aquini, areis, bhu, dhoward, esammons, fhrbata, iboverma, jen, jkacur, joelsmith, jross, kernel-mgr, knoel, kstutsma, lgoncalv, lwang, matt, mcressma, mguzik, mkenneth, mrezanin, mst, nmurray, pbonzini, pholasek, plougher, rvrbovsk, williams | |
| Petr Matousek | 2016-05-02 11:51:49 UTC | CC | pmatouse | |
| Summary | EMBARGOED CVE-2016-3713 kernel-aarch64: Out-of-bounds access in set_var_mtrr_msr | EMBARGOED CVE-2016-3713 kernel: kvm: out-of-bounds access in set_var_mtrr_msr | ||
| Whiteboard | impact=low,public=no,reported=20160429,source=researcher,cvss2=3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-125,rhel-7/kernel-aarch64=affected,rhel-5/kernel=new,rhel-5/kvm=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhelsa-7/arm-kernel=new,mrg-2/realtime-kernel=new,fedora-all/kernel=affected | impact=low,public=no,reported=20160429,source=researcher,cvss2=3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-125,rhel-5/kvm=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected | ||
| Prasad Pandit | 2016-05-12 10:57:01 UTC | CC | prasad | |
| Doc Text | Linux kernel built with the Kernel-based Virtual Machine(KVM) with variable Memory Type Range Registers(MTRR) support is vulnerable to an out-of-bounds r/w access issue. It could occur while accessing MTRRs via ioctl(2) call. A privileged user inside guest could use this flaw manipulate host kernel's memory bytes leading to information disclosure or crashing the kernel resulting in DoS. | |||
| Whiteboard | impact=low,public=no,reported=20160429,source=researcher,cvss2=3.3/AV:L/AC:M/Au:N/C:N/I:P/A:P,cwe=CWE-125,rhel-5/kvm=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected | impact=moderate,public=no,reported=20160429,source=researcher,cvss2=5.5/AV:A/AC:H/Au:S/C:P/I:P/A:C,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected | ||
| Prasad Pandit | 2016-05-16 11:54:10 UTC | Whiteboard | impact=moderate,public=no,reported=20160429,source=researcher,cvss2=5.5/AV:A/AC:H/Au:S/C:P/I:P/A:C,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected | impact=moderate,public=20160516,reported=20160429,source=researcher,cvss2=5.5/AV:A/AC:H/Au:S/C:P/I:P/A:C,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected |
| Prasad Pandit | 2016-05-16 12:01:26 UTC | Summary | EMBARGOED CVE-2016-3713 kernel: kvm: out-of-bounds access in set_var_mtrr_msr | CVE-2016-3713 kernel: kvm: out-of-bounds access in set_var_mtrr_msr |
| Prasad Pandit | 2016-05-16 12:01:36 UTC | Group | security, qe_staff | |
| Prasad Pandit | 2016-05-16 12:01:52 UTC | Depends On | 1336410 | |
| Salvatore Bonaccorso | 2016-05-16 12:06:34 UTC | CC | carnil | |
| Martin Prpič | 2016-05-30 14:31:51 UTC | Doc Text | Linux kernel built with the Kernel-based Virtual Machine(KVM) with variable Memory Type Range Registers(MTRR) support is vulnerable to an out-of-bounds r/w access issue. It could occur while accessing MTRRs via ioctl(2) call. A privileged user inside guest could use this flaw manipulate host kernel's memory bytes leading to information disclosure or crashing the kernel resulting in DoS. | |
| Andrej Nemec | 2016-07-11 13:20:37 UTC | Priority | low | medium |
| CC | anemec | |||
| Severity | low | medium | ||
| John Skeoch | 2016-10-04 04:20:18 UTC | CC | pholasek | |
| PnT Account Manager | 2018-02-07 23:14:11 UTC | CC | agordeev | |
| PnT Account Manager | 2018-07-19 06:17:00 UTC | CC | mguzik | |
| PnT Account Manager | 2018-08-28 22:05:01 UTC | CC | lwang | |
| Eric Sammons | 2019-02-08 15:03:23 UTC | CC | esammons | |
| PnT Account Manager | 2019-05-02 21:51:16 UTC | CC | anemec | |
| Product Security DevOps Team | 2019-06-08 02:51:05 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2019-06-08 02:51:05 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:48:22 UTC | Whiteboard | impact=moderate,public=20160516,reported=20160429,source=researcher,cvss2=5.5/AV:A/AC:H/Au:S/C:P/I:P/A:C,cwe=CWE-125,rhel-5/kvm=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,rhelsa-7/arm-kernel=notaffected,mrg-2/realtime-kernel=notaffected,fedora-all/kernel=affected |
Back to bug 1332139