CVE-2012-1601
Published: 29 March 2012
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
From the Ubuntu security team
A flaw was found in the Linux kernel's KVM (Kernel Virtual Machine) virtual cpu setup. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service.
Priority
Status
Notes
Author | Note |
---|---|
apw | sha1 below is from the KVM tree, though it is likely to be the right one when it hits upstream. Patch title is: KVM: Ensure all vcpus are consistent with in-kernel irqchip settings now arrived in linus' tree as the sha1 below |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1601
- http://www.openwall.com/lists/oss-security/2012/03/29
- http://comments.gmane.org/gmane.comp.emulators.kvm.devel/86217
- https://ubuntu.com/security/notices/USN-1445-1
- https://ubuntu.com/security/notices/USN-1448-1
- https://ubuntu.com/security/notices/USN-1452-1
- https://ubuntu.com/security/notices/USN-1453-1
- https://ubuntu.com/security/notices/USN-1455-1
- https://ubuntu.com/security/notices/USN-1457-1
- https://ubuntu.com/security/notices/USN-1459-1
- https://ubuntu.com/security/notices/USN-1460-1
- https://ubuntu.com/security/notices/USN-1470-1
- https://ubuntu.com/security/notices/USN-1507-1
- NVD
- Launchpad
- Debian