CVE-2011-4622
Published: 27 January 2012
The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.

Kernel oops from the original report:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000128
    IP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm]
    ...
    Call Trace:
     [<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm]
     [<ffffffff81071431>] process_one_work+0x111/0x4d0
     [<ffffffff81071bb2>] worker_thread+0x152/0x340
     [<ffffffff81075c8e>] kthread+0x7e/0x90
     [<ffffffff815a4474>] kernel_thread_helper+0x4/0x10
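The failure path in the trace (PIT timer work calling kvm_set_irq on a VM that has no in-kernel irqchip) and the shape of the mitigation, as an added user-space model; this is not KVM's code. The structs and the `_model`, `_vuln`, `_fixed` and `pit_work_would_oops` functions are stand-ins constructed for this illustration; only the names `kvm_set_irq`, `pit_do_work`, `create_pit_timer`, `vpic` and `irqchip_in_kernel` refer to real KVM symbols, and the guard in the fixed variant is what upstream's fix for this CVE adds to create_pit_timer.

```c
#include <stddef.h>

/* Model of the in-kernel interrupt controller. In real KVM this is
 * kvm->arch.vpic, absent when the VM was created without an irqchip. */
struct irqchip { int irq_level[16]; };

struct kvm {
    struct irqchip *vpic;   /* NULL when no irqchip is in the kernel */
    int pit_timer_armed;    /* models the PIT hrtimer having been started */
};

/* Model of kvm_set_irq(): drives an IRQ line on the in-kernel PIC. With
 * vpic == NULL this is the NULL pointer dereference shown in the oops. */
static void kvm_set_irq_model(struct kvm *kvm, int irq, int level)
{
    kvm->vpic->irq_level[irq] = level;
}

/* Model of pit_do_work(): the work item the PIT timer schedules; it pulses
 * IRQ 0 (the PIT line) through kvm_set_irq. */
static void pit_do_work_model(struct kvm *kvm)
{
    kvm_set_irq_model(kvm, 0, 1);
    kvm_set_irq_model(kvm, 0, 0);
}

/* Vulnerable shape of create_pit_timer(): arms the timer unconditionally, so
 * a guest programming the PIT on an irqchip-less VM queues pit_do_work. */
static void create_pit_timer_vuln(struct kvm *kvm)
{
    kvm->pit_timer_armed = 1;
}

/* Hardened shape: refuse to start the timer when there is no in-kernel
 * irqchip, so the work that would dereference it is never queued.
 * Returns 1 if the timer was armed, 0 if the request was dropped. */
static int create_pit_timer_fixed(struct kvm *kvm)
{
    if (kvm->vpic == NULL)      /* !irqchip_in_kernel(kvm) in real KVM */
        return 0;
    kvm->pit_timer_armed = 1;
    return 1;
}

/* 1 if running the armed timer's work item would hit the NULL dereference. */
static int pit_work_would_oops(const struct kvm *kvm)
{
    return kvm->pit_timer_armed && kvm->vpic == NULL;
}
```

The detection-side takeaway is the same as the trace shows: on an affected host the symptom is a kvm_set_irq oops reached from pit_do_work in a kworker, not from the vCPU thread, so it appears in host logs rather than in the guest.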
From the Ubuntu security team
A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available, a local user could use this to cause a denial of service by starting a timer.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4622
- http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564
- https://ubuntu.com/security/notices/USN-1361-1
- https://ubuntu.com/security/notices/USN-1362-1
- https://ubuntu.com/security/notices/USN-1363-1
- https://ubuntu.com/security/notices/USN-1384-1
- https://ubuntu.com/security/notices/USN-1386-1
- https://ubuntu.com/security/notices/USN-1387-1
- https://ubuntu.com/security/notices/USN-1388-1
- https://ubuntu.com/security/notices/USN-1389-1