Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 1.9
CVE Id: CVE-2012-4461
Last Modified: 20 Jun 2013 11:13:45
Published: 22 Jan 2013 06:55:02
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4461

Summary

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

Vulnerable Systems

Operating System

  • Linux Kernel 3.6
  • Linux Kernel 3.6.1
  • Linux Kernel 3.6.2
  • Linux Kernel 3.6.3
  • Linux Kernel 3.6.4
  • Linux Kernel 3.6.5
  • Linux Kernel 3.6.6
  • Linux Kernel 3.6.7
  • Linux Kernel 3.6.8


References

SUSE - SUSE-SU-2012:1679

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=862900

BID - 56414

MLIST - [oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set

CONFIRM - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9

MISC - http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742

REDHAT - RHSA-2013:0223

SECUNIA - 51160

REDHAT - RHSA-2013:0882

SUSE - openSUSE-SU-2013:0925

Related Patches

Novell SUSE 2012:7123 kernel security update for SLE 11 SP2 i586

Novell SUSE 2012:7127 kernel security update for SLE 11 SP2 x86_64


Last Updated: 27 May 2016 10:51:50