CVE-2011-4622

Published: 27 January 2012

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000128 IP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm] ... Call Trace: [<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm] [<ffffffff81071431>] process_one_work+0x111/0x4d0 [<ffffffff81071bb2>] worker_thread+0x152/0x340 [<ffffffff81075c8e>] kthread+0x7e/0x90 [<ffffffff815a4474>] kernel_thread_helper+0x4/0x10

From the Ubuntu security team

A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.2.0-16.19)
	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (3.11.0-12.19)
	Patches: Introduced by 7837699fa6d7adf81f26ab73a5f6897ea1ab9d6a Fixed by 0924ab2cfa98b1ece26c033d696651fd62896c69
linux-aws Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.4.0-1001.10)
	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (4.4.0-1002.2)
linux-ec2 Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-flo Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (3.4.0-5.22)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.4.0-1.3])
linux-fsl-imx51 Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-gke Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.4.0-1003.3)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-goldfish Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (3.4.0-4.27)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.4.0-1.9])
linux-grouper Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-hwe Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.8.0-36.36~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-hwe-edge Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.8.0-36.36~16.04.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-backport-maverick Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-backport-natty Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-trusty Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-lts-utopic Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.16.0-25.33~14.04.2])
linux-lts-vivid Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.19.0-18.18~14.04.1])
linux-lts-wily Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [4.2.0-18.22~14.04.1])
linux-lts-xenial Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Not vulnerable (4.4.0-13.29~14.04.1)
linux-maguro Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was ignored [abandoned])
linux-mako Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (3.4.0-7.40)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.4.0-3.21])
linux-manta Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist (trusty was not-affected [3.4.0-4.19])
linux-mvl-dove Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-raspi2 Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.2.0-1013.19)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-snapdragon Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Not vulnerable (4.4.0-1012.12)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist
linux-ti-omap4 Launchpad, Ubuntu, Debian	Upstream	Released (3.2)




	Ubuntu 16.04 ESM (Xenial Xerus)	Does not exist
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM