{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef"}, {"name": "SUSE-SU-2012:1679", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"}, {"name": "DSA-2469", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2469"}, {"name": "[oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/1"}, {"name": "RHSA-2012:0571", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0571.html"}, {"name": "1026897", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1026897"}, {"name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"name": "49928", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49928"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"}, {"name": "RHSA-2012:0676", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:01:02.571Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef"}, {"name": "SUSE-SU-2012:1679", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"}, {"name": "DSA-2469", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2469"}, {"name": "[oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/1"}, {"name": "RHSA-2012:0571", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0571.html"}, {"name": "1026897", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1026897"}, {"name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"name": "49928", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49928"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"}, {"name": "RHSA-2012:0676", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1601", "datePublished": "2012-05-17T10:00:00", "dateReserved": "2012-03-12T00:00:00", "dateUpdated": "2024-08-06T19:01:02.571Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF2962D8-066F-4F86-9EB6-C453CCF0106B", "versionEndIncluding": "3.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists."}, {"lang": "es", "value": "La implementaci\u00f3n KVM en el n\u00facleo de Linux anterior a la versi\u00f3n V3.3.6 permite a los usuarios del sistema operativo causar una denegaci\u00f3n de servicio (puntero NULL a referencia eliminada y ca\u00edda del sistema operativo del host) al hacer una llamada ioctl KVM_CREATE_IRQCHIP sobre una CPU virtual que ya existe."}], "id": "CVE-2012-1601", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-17T11:00:37.757", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0571.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/49928"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2469"}, {"source": "secalert@redhat.com", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/1"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1026897"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef"}, {"source": "secalert@redhat.com", "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0571.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0676.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2469"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1026897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0676", "cpe": "cpe:/a:redhat:rhel_virtualization:5", "package": "kvm-0:83-249.el5_8.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-05-21T00:00:00Z"}, {"advisory": "RHSA-2012:0571", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-220.17.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-05-15T00:00:00Z"}], "bugzilla": {"description": "kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", "id": "808199", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists."], "name": "CVE-2012-1601", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kvm", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2012-02-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-1601\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1601"], "statement": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. This has been addressed in Red Hat Enterprise Linux 5 via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html.", "threat_severity": "Moderate"}

{}