CVE-2013-0231 - OpenCVE

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:2.6.18:::::::*
	cpe:2.3:o:linux:linux_kernel:3.8:::::::*
	cpe:2.3:o:xen:xen:3.0.2:::::::*
	cpe:2.3:o:xen:xen:3.0.3:::::::*
	cpe:2.3:o:xen:xen:3.0.4:::::::*
	cpe:2.3:o:xen:xen:3.1.3:::::::*
	cpe:2.3:o:xen:xen:3.1.4:::::::*
	cpe:2.3:o:xen:xen:3.2.0:::::::*
	cpe:2.3:o:xen:xen:3.2.1:::::::*
	cpe:2.3:o:xen:xen:3.2.2:::::::*
	cpe:2.3:o:xen:xen:3.2.3:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://osvdb.org/89903
http://secunia.com/advisories/52059	Vendor Advisory
http://www.debian.org/security/2013/dsa-2632
http://www.openwall.com/lists/oss-security/2013/02/05/9
http://www.securityfocus.com/bid/57740
https://exchange.xforce.ibmcloud.com/vulnerabilities/81923

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-02-13T01:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2012-12-06T00:00:00

Link: CVE-2013-0231

JSON object: View

NVD Information

Status : Modified

Published: 2013-02-13T01:55:03.497

Modified: 2017-08-29T01:33:00.417

Link: CVE-2013-0231

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/05/9"}, {"name": "57740", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57740"}, {"name": "xen-pcibackenablemsi-dos(81923)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81923"}, {"name": "openSUSE-SU-2013:0395", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"}, {"name": "52059", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52059"}, {"name": "SUSE-SU-2013:0674", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html"}, {"name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"name": "DSA-2632", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2632"}, {"name": "89903", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/89903"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0231", "datePublished": "2013-02-13T01:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "C06F0037-DE20-4B4A-977F-BFCFAB026517", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "98AE0611-612F-4BF1-9ED7-3C3B88872ABF", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5D62197-4FF7-4B73-8DC6-6E9344AF7CAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "44CAE6A7-9817-472C-B1C6-3FF196304D08", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E96BB7DE-0A6A-4418-A879-159F5FF88615", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7568820A-ED66-47DF-A9B0-27A474D6C2C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5D8C046D-BE62-43BA-9F50-B4D383475EA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B81B6EEB-D01E-432D-AEBF-707409741C0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2A4B60DE-A8C0-459E-A99C-6EF0D3264B75", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A83F4F7E-53CF-4066-857B-2154D25979D8", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "048E790E-B0A1-4504-9299-0B6D9CB0C509", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "La funci\u00f3n pciback_enable_msi en el controlador PCI backend (drivers/xen/pciback/conf_space_capability_msi.c) en Xen para Linux kernel v2.6.18 y v3.8, permite que los usuarios de los sistemas operativos hu\u00e9sped (guest) puedan provocar una denegaci\u00f3n de servicio a trav\u00e9s de un n\u00famero elevado de mensajes de log del kernel. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."}], "id": "CVE-2013-0231", "lastModified": "2017-08-29T01:33:00.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-13T01:55:03.497", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/89903"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52059"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2632"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/05/9"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57740"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81923"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}