CVE-2012-1179

Published: 23 April 2012

The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. A privileged user in the KVM guest can use this flaw to crash the host. An unprivileged local user could use this flaw to crash the system.

From the Ubuntu security team

A flaw was found in the Linux kernel's handling of paged memory. A local unprivileged user, or a privileged user within a KVM guest, could exploit this flaw to crash the system.

Notes

linux-armadaxp is maintained by OEM

this is only tickled when a page is converted to a transparent hugepage
this support was introduced after maverick, natty is not affected as
transparent huge pages are off in the configuration.

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1179
• https://ubuntu.com/security/notices/USN-1431-1
• https://ubuntu.com/security/notices/USN-1433-1
• https://ubuntu.com/security/notices/USN-1446-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=803793
• https://launchpad.net/bugs/990362