Lucene search

[email protected]CVE-2011-4622

HistoryJan 27, 2012 - 3:55 p.m.

CVE-2011-4622

2012-01-2715:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

kvm

create_pit_timer

arch

x86

kvm

i8254.c

vulnerability

nvd

cve-2011-4622

null pointer dereference

denial of service

6.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.

CPENameOperatorVersion
redhat:kvmredhat kvmeq83

CPE	Name	Operator	Version
redhat:kvm	redhat kvm	eq	83

References

lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html

lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564

www.openwall.com/lists/oss-security/2011/12/21/7

www.redhat.com/support/errata/RHSA-2012-0051.html

www.securityfocus.com/bid/51172

www.securitytracker.com/id?1026559

bugzilla.redhat.com/show_bug.cgi?id=769721

6.2 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Related for CVE-2011-4622

seebug2 veracode1 nessus23 ubuntucve1 prion1 redhat3 centos2 openvas81 oraclelinux4 fedora27 ubuntu8 suse3 securityvulns2 osv1 debian1 amazon1