Bug 808199 - (CVE-2012-1601) CVE-2012-1601 kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency
CVE-2012-1601 kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120207,repor...
: Security
Depends On: 807507 807854 808205 808206 808207
Blocks: 800835
  Show dependency treegraph
 
Reported: 2012-03-29 15:31 EDT by Petr Matousek
Modified: 2013-08-24 09:55 EDT (History)
25 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-24 09:55:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Petr Matousek 2012-03-29 15:31:49 EDT
If some vcpus are created before KVM_CREATE_IRQCHIP, then irqchip_in_kernel() and vcpu->arch.apic will be inconsistent, leading to potential NULL pointer dereferences.

A unprivileged local user could use this flaw to crash the system.

References:
http://comments.gmane.org/gmane.comp.emulators.kvm.devel/86217
http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=5b40572ed5f0344b9dbee486a17c589ce1abe1a3
Comment 5 Petr Matousek 2012-03-29 15:48:47 EDT
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 808207]
Comment 6 Petr Matousek 2012-03-29 15:51:41 EDT
Statement:

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. This has been addressed in Red Hat Enterprise Linux 5 via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html.
Comment 7 Kurt Seifried 2012-03-29 21:07:02 EDT
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/30/1
Comment 8 errata-xmlrpc 2012-05-15 19:10:53 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0571 https://rhn.redhat.com/errata/RHSA-2012-0571.html
Comment 9 errata-xmlrpc 2012-05-21 10:26:42 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html

Note You need to log in before you can comment on or make changes to this bug.