If some vcpus are created before KVM_CREATE_IRQCHIP, then irqchip_in_kernel() and vcpu->arch.apic will be inconsistent, leading to potential NULL pointer dereferences. An unprivileged local user could use this flaw to crash the system. References: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/86217 http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=5b40572ed5f0344b9dbee486a17c589ce1abe1a3
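The following is a constructed, user-space C model of the ordering problem described above, added here as an illustration; it is not the kernel's code and not the referenced patch. The struct layouts, the 4-vcpu limit and the `apply_fix` switch are simplifications chosen for the example; the function names only mirror the kernel's to make the mapping readable. It shows why a vcpu created before KVM_CREATE_IRQCHIP ends up with `irqchip_in_kernel()` true but `apic == NULL`, and how the two checks in the fix (refuse KVM_CREATE_IRQCHIP once any vcpu exists, and refuse a vcpu whose apic state does not match the irqchip setting) keep the two consistent.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed, simplified stand-ins for the KVM structures involved (not kernel code). */
struct kvm_lapic { int pending_vector; };
struct kvm;

struct kvm_vcpu {
    struct kvm *kvm;
    struct kvm_lapic *apic;   /* plays the role of vcpu->arch.apic */
};

struct kvm {
    void *vpic;               /* plays the role of kvm->arch.vpic: non-NULL once irqchip is in-kernel */
    int online_vcpus;         /* plays the role of kvm->online_vcpus */
    struct kvm_vcpu *vcpus[4];/* assumption: 4-vcpu limit keeps the model small */
};

static bool irqchip_in_kernel(const struct kvm *kvm) { return kvm->vpic != NULL; }

/* Invariant the fix enforces: a vcpu has an apic iff the VM has an in-kernel irqchip. */
static bool kvm_vcpu_compatible(const struct kvm_vcpu *vcpu)
{
    return irqchip_in_kernel(vcpu->kvm) == (vcpu->apic != NULL);
}

/* Models KVM_CREATE_IRQCHIP. With apply_fix, it refuses once any vcpu already exists. */
static int kvm_create_irqchip(struct kvm *kvm, bool apply_fix)
{
    if (kvm->vpic)
        return -EEXIST;
    if (apply_fix && kvm->online_vcpus)
        return -EINVAL;
    kvm->vpic = kvm;          /* any non-NULL token stands in for the PIC/IOAPIC state */
    return 0;
}

/* Models KVM_CREATE_VCPU: an apic is allocated only if the irqchip is in-kernel at this moment. */
static int kvm_create_vcpu(struct kvm *kvm, bool apply_fix)
{
    if (kvm->online_vcpus >= 4)
        return -EINVAL;
    struct kvm_vcpu *vcpu = calloc(1, sizeof *vcpu);
    if (!vcpu)
        return -ENOMEM;
    vcpu->kvm = kvm;
    if (irqchip_in_kernel(kvm)) {
        vcpu->apic = calloc(1, sizeof *vcpu->apic);
        if (!vcpu->apic) { free(vcpu); return -ENOMEM; }
    }
    /* Second half of the fix: never install a vcpu whose apic state mismatches the irqchip. */
    if (apply_fix && !kvm_vcpu_compatible(vcpu)) {
        free(vcpu->apic);
        free(vcpu);
        return -EINVAL;
    }
    kvm->vcpus[kvm->online_vcpus++] = vcpu;
    return 0;
}

/* Models an interrupt path that trusts irqchip_in_kernel() and then uses vcpu->apic.
 * Returns -EFAULT where the real kernel would dereference NULL and oops. */
static int kvm_apic_has_interrupt(const struct kvm_vcpu *vcpu)
{
    if (!irqchip_in_kernel(vcpu->kvm))
        return 0;             /* userspace-irqchip path, apic legitimately absent */
    if (!vcpu->apic)
        return -EFAULT;       /* the inconsistent state this bug is about */
    return vcpu->apic->pending_vector;
}

static void kvm_destroy(struct kvm *kvm)
{
    for (int i = 0; i < kvm->online_vcpus; i++) {
        free(kvm->vcpus[i]->apic);
        free(kvm->vcpus[i]);
    }
}

/* Runs the bad ordering (vcpu first, then KVM_CREATE_IRQCHIP). Returns the irqchip ioctl
 * result; *consistent and *deliver report the vcpu's state afterwards. */
static int vcpu_then_irqchip(bool apply_fix, bool *consistent, int *deliver)
{
    struct kvm kvm = {0};
    kvm_create_vcpu(&kvm, apply_fix);
    int r = kvm_create_irqchip(&kvm, apply_fix);
    *consistent = kvm_vcpu_compatible(kvm.vcpus[0]);
    *deliver = kvm_apic_has_interrupt(kvm.vcpus[0]);
    kvm_destroy(&kvm);
    return r;
}

/* Runs the intended ordering (irqchip first, then vcpu). */
static int irqchip_then_vcpu(bool apply_fix, bool *consistent, int *deliver)
{
    struct kvm kvm = {0};
    kvm_create_irqchip(&kvm, apply_fix);
    int r = kvm_create_vcpu(&kvm, apply_fix);
    *consistent = kvm_vcpu_compatible(kvm.vcpus[0]);
    *deliver = kvm_apic_has_interrupt(kvm.vcpus[0]);
    kvm_destroy(&kvm);
    return r;
}
```

Without the fix, `vcpu_then_irqchip` has KVM_CREATE_IRQCHIP succeed and leaves the vcpu with an in-kernel irqchip but no apic, so the first interrupt-delivery path that consults the apic hits the NULL; with the fix the ioctl fails with -EINVAL and the vcpu stays in the consistent userspace-irqchip state. The real patch also takes `kvm->lock` around these checks because the apic is created outside the lock; this single-threaded model leaves the locking out.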
Created kernel tracking bugs for this issue Affects: fedora-all [bug 808207]
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. This has been addressed in Red Hat Enterprise Linux 5 via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html.
Added CVE as per http://www.openwall.com/lists/oss-security/2012/03/30/1
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0571 https://rhn.redhat.com/errata/RHSA-2012-0571.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html