High severity7.8NVD Advisory· Published Jul 16, 2013· Updated Apr 29, 2026

CVE-2013-1943

Description

The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guest's physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.

Affected products

Canonical/Ubuntu Linux
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.0
Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus2 versions
cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*

Patches

fa3d315a4ce2

https://github.com/torvalds/linuxvia nvd-ref

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
github.com/torvalds/linux/commit/fa3d315a4ce2c0891cdde262562e710d95fba19envdPatchThird Party Advisory
www.ubuntu.com/usn/USN-1939-1nvdThird Party Advisory
web.archive.org/web/20130329070349/http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0nvdBroken Link
git.kernel.orgnvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000