CVE-2012-1601

The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://rhn.redhat.com/errata/RHSA-2012-0571.html
http://rhn.redhat.com/errata/RHSA-2012-0676.html
http://secunia.com/advisories/49928
http://www.debian.org/security/2012/dsa-2469
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6
http://www.openwall.com/lists/oss-security/2012/03/30/1
http://www.securitytracker.com/id?1026897
https://bugzilla.redhat.com/show_bug.cgi?id=808199
https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://rhn.redhat.com/errata/RHSA-2012-0571.html
http://rhn.redhat.com/errata/RHSA-2012-0676.html
http://secunia.com/advisories/49928
http://www.debian.org/security/2012/dsa-2469
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6
http://www.openwall.com/lists/oss-security/2012/03/30/1
http://www.securitytracker.com/id?1026897
https://bugzilla.redhat.com/show_bug.cgi?id=808199
https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:37

Type	Values Removed	Values Added
References	~~() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2012-0571.html -~~	() http://rhn.redhat.com/errata/RHSA-2012-0571.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2012-0676.html -~~	() http://rhn.redhat.com/errata/RHSA-2012-0676.html -
References	~~() http://secunia.com/advisories/49928 -~~	() http://secunia.com/advisories/49928 -
References	~~() http://www.debian.org/security/2012/dsa-2469 -~~	() http://www.debian.org/security/2012/dsa-2469 -
References	~~() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 -~~	() http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 -
References	~~() http://www.openwall.com/lists/oss-security/2012/03/30/1 -~~	() http://www.openwall.com/lists/oss-security/2012/03/30/1 -
References	~~() http://www.securitytracker.com/id?1026897 -~~	() http://www.securitytracker.com/id?1026897 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=808199 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=808199 -
References	~~() https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef -~~	() https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef -
References	~~() https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html -~~	() https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html -

Information

Published : 2012-05-17 11:00

Updated : 2024-11-21 01:37

NVD link : CVE-2012-1601

Mitre link : CVE-2012-1601

CVE.ORG link : CVE-2012-1601

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-399

Resource Management Errors

4.9 /10