CVE-2012-1601

Published: 29 March 2012

The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.

From the Ubuntu Security Team

A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service.

Notes

sha1 below is from the KVM tree, though it is likely to be the right one
when it hits upstream.  Patch title is:
KVM: Ensure all vcpus are consistent with in-kernel irqchip settings
now arrived in linus' tree as the sha1 below

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1601
• http://www.openwall.com/lists/oss-security/2012/03/29
• http://comments.gmane.org/gmane.comp.emulators.kvm.devel/86217
• https://ubuntu.com/security/notices/USN-1445-1
• https://ubuntu.com/security/notices/USN-1448-1
• https://ubuntu.com/security/notices/USN-1452-1
• https://ubuntu.com/security/notices/USN-1453-1
• https://ubuntu.com/security/notices/USN-1455-1
• https://ubuntu.com/security/notices/USN-1457-1
• https://ubuntu.com/security/notices/USN-1459-1
• https://ubuntu.com/security/notices/USN-1460-1
• https://ubuntu.com/security/notices/USN-1470-1
• https://ubuntu.com/security/notices/USN-1507-1
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=808199
• https://launchpad.net/bugs/971685