Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 395681 (CVE-2011-4622) - kernel: kvm: pit timer with no irqchip crashes the system (CVE-2011-4622)
Summary: kernel: kvm: pit timer with no irqchip crashes the system (CVE-2011-4622)
Status: RESOLVED OBSOLETE
Alias: CVE-2011-4622
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-12-22 11:34 UTC by Michael Harrison
Modified: 2018-04-04 19:46 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Harrison 2011-12-22 11:34:42 UTC
User space may create the PIT and forgets about setting up the irqchips.
In that case, firing PIT IRQs will crash the host:

    BUG: unable to handle kernel NULL pointer dereference at 0000000000000128
    IP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm]
    ...
    Call Trace:
     [<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm]
     [<ffffffff81071431>] process_one_work+0x111/0x4d0
     [<ffffffff81071bb2>] worker_thread+0x152/0x340
     [<ffffffff81075c8e>] kthread+0x7e/0x90
     [<ffffffff815a4474>] kernel_thread_helper+0x4/0x10

Reference:
http://permalink.gmane.org/gmane.comp.emulators.kvm.devel/83564
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2012-01-30 12:18:40 UTC
CVE-2011-4622 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4622):
  The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and
  possibly other versions, does not properly handle when Programmable Interval
  Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller
  (irqchip) is not available, which allows local users to cause a denial of
  service (NULL pointer dereference) by starting a timer.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2012-02-27 21:56:42 UTC
This only affects the Kernel side, no GLSA will be released.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-04-04 19:46:23 UTC
kvm was merged in kernel in version 2.6.20. There are no longer any 2.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.