VulDB: Linux Kernel arch/x86/kvm/i8254.c create_pit_timer() denial of service
General
scipID: 4488
Affected: Linux Kernel
Published: 12/14/2011
Risk: 
problematic
Entry: 77.7% complete
Created: 01/21/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function create_pit_timer() of the file arch/x86/kvm/i8254.c. The manipulation with an unknown input leads to a denial of service vulnerability. This is going to have an impact on availability.
The weakness was presented 12/14/2011. The advisory is shared for download at permalink.gmane.org. The attack needs to be approached locally. There are known technical details, but no exploit is available.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at permalink.gmane.org. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the vulnerability database at OSVDB (77985).CVSS
Base Score: 4.4 (CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: Yes
Remote: No
Availability: No
Countermeasures
Recommended: Patch
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: permalink.gmane.org
Timeline
12/14/2011 | Advisory disclosed
12/14/2011 | Countermeasure disclosed
12/22/2011 | OSVDB entry created
01/21/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: permalink.gmane.org
OSVDB: 77985
- Latest Entries
- Apple QuickTime DREF Atom Handler buffer overflow [CVE-2013-1017]
- Apple QuickTime H.264 Handler buffer overflow [CVE-2013-1018]
- Apple QuickTime MP3 File Handler buffer overflow [CVE-2013-0989]
- Apple QuickTime Sorenson Codec Handler buffer overflow [CVE-2013-1019]
- Apple QuickTime JPEG Handler buffer overflow [CVE-2013-1020]
- Statistics
- Archive
