Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4622

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2011-4622
Last Modified 20 Jun 2013 11:07:10
Published 27 Jan 2012 10:55:04
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-4622

Summary

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.

Vulnerable Systems

Application

  • Redhat Kvm 83


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=769721

SECTRACK - 1026559

BID - 51172

REDHAT - RHSA-2012:0051

MLIST - [oss-security] 20111221 Re: kernel: kvm: pit timer with no irqchip crashes the system

MLIST - [kvm] 20111214 [PATCH 1/2] KVM: x86: Prevent starting PIT timers in the absence of irqchip support

SUSE - openSUSE-SU-2013:0925

Related Patches

Novell SUSE 2012:6227 kernel security update for SLE 11 SP1 i586

Novell SUSE 2012:6230 kernel security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:58:07