ID CVE-2013-6885
Summary The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue.
References
Vulnerable Configurations
  • cpe:2.3:o:amd:16h_model_processor_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:amd:16h_model_processor_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:amd:16h_model_00h_processor:-:*:*:*:*:*:*:*
    cpe:2.3:h:amd:16h_model_00h_processor:-:*:*:*:*:*:*:*
  • cpe:2.3:h:amd:16h_model_0fh_processor:-:*:*:*:*:*:*:*
    cpe:2.3:h:amd:16h_model_0fh_processor:-:*:*:*:*:*:*:*
CVSS
Base: 4.7 (as of 16-12-2017 - 02:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:C
redhat via4
advisories
rhsa
id RHSA-2014:0285
rpms
  • kernel-0:2.6.18-371.6.1.el5
  • kernel-PAE-0:2.6.18-371.6.1.el5
  • kernel-PAE-devel-0:2.6.18-371.6.1.el5
  • kernel-debug-0:2.6.18-371.6.1.el5
  • kernel-debug-devel-0:2.6.18-371.6.1.el5
  • kernel-devel-0:2.6.18-371.6.1.el5
  • kernel-doc-0:2.6.18-371.6.1.el5
  • kernel-headers-0:2.6.18-371.6.1.el5
  • kernel-kdump-0:2.6.18-371.6.1.el5
  • kernel-kdump-devel-0:2.6.18-371.6.1.el5
  • kernel-xen-0:2.6.18-371.6.1.el5
  • kernel-xen-devel-0:2.6.18-371.6.1.el5
refmap via4
bid 63983
confirm
debian DSA-3128
fedora
  • FEDORA-2013-22754
  • FEDORA-2013-22866
  • FEDORA-2013-22888
gentoo GLSA-201407-03
misc http://www.zdnet.com/blog/hardware/amd-owns-up-to-cpu-bug/18924
mlist
  • [kernel] 20111225 Buildworld loop seg-fault update -- I believe it is hardware
  • [oss-security] 20131127 CVE-2013-6885 AMD Publ. 51810 Errata 793 system hang
  • [oss-security] 20131202 Xen Security Advisory 82 (CVE-2013-6885) - Guest triggerable AMD CPU erratum may cause host to hang
sectrack 1029415
secunia 55840
suse
  • SUSE-SU-2014:0372
  • SUSE-SU-2014:0373
  • SUSE-SU-2014:0411
  • SUSE-SU-2014:0446
  • SUSE-SU-2014:0459
  • SUSE-SU-2014:0470
xf xen-cve20136885-dos(89335)
Last major update 16-12-2017 - 02:29
Published 29-11-2013 - 04:33
Back to Top