Linux Kernel up to 3.2.17-1 KVM denial of service

VulDB: Linux Kernel up to 3.2.17-1 KVM denial of service

General

Linux

scipID: 5386
Affected: Linux Kernel up to 3.2.17-1
Published: 05/10/2012 (Michael Ellerman)
Risk: problematic
Entry: 90.3% complete
Created: 05/15/2012
Updated: 09/03/2012

Summary

A vulnerability has been found in Linux Kernel up to 3.2.17-1 and classified as problematic. This vulnerability affects an unknown function of the component KVM. The manipulation with an unknown input leads to a denial of service vulnerability. As an impact it is known to affect availability.

The weakness was released 05/10/2012 by Michael Ellerman as DSA-2469-1 as knowledge base article (Website). The advisory is shared for download at debian.org. The vendor was not involved in the coordination of the public release. This vulnerability was named CVE-2012-1601 since 03/12/2012. The attack needs to be approached locally. The successful exploitation needs a single authentication. The technical details are unknown and an exploit is not available.

The vulnerability scanner Nessus provides a plugin with the ID 59324 (USN-1460-1 : linux-ti-omap4 vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Ubuntu Local Security Checks and running in the context local.

Upgrading to version 2.6.32-45 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81811) and Secunia (SA49098).