CVE-2011-4622

15 documents, 7 sources
Severity: 4.9 MEDIUM
EPSS: 0.1% (top 84.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 27
Latest update: May 14

Description

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller (irqchip) is not available, which allows local users to cause a denial of service (NULL pointer dereference) by starting a timer.

CVSS vector

AV:L/AC:L/C:N/I:N/A:C
Exploitability: 3.9 | Impact: 6.9

Affected Packages (15 packages)

Ubuntu linux < 3.11.0-12.19+1
Ubuntu linux-aws < 4.4.0-1002.2+1
Ubuntu linux-flo < 3.4.0-1.3+1
Ubuntu linux-gke < 4.4.0-1003.3
Ubuntu linux-hwe < 4.8.0-36.36~16.04.1

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-gqh3-j9ff-5g88: The create_pit_timer function in arch/x86/kvm/i8254 (2022-05-14)
CVEList: CVE-2011-4622: The create_pit_timer function in arch/x86/kvm/i8254 (2012-01-27)
OSV: CVE-2011-4622: The create_pit_timer function in arch/x86/kvm/i8254 (2012-01-27)

📋 Vendor Advisories (8)

Ubuntu: Linux kernel (EC2) vulnerabilities (2012-03-06)
Ubuntu: Linux kernel (Oneiric backport) vulnerabilities (2012-03-06)
Ubuntu: Linux kernel vulnerabilities (2012-03-06)
Ubuntu: Linux kernel (Natty backport) vulnerabilities (2012-03-06)
Ubuntu: Linux kernel (Maverick backport) vulnerabilities (2012-03-06)

💬 Community (3)

Bugzilla: CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [fedora-all] (2012-01-03)
Bugzilla: CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [fedora-all] (2011-12-23)
Bugzilla: CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system (2011-12-21)