** Description changed:

- User space may create the PIT and forget about setting up the irqchips.
- In that case, firing PIT IRQs will crash the host:
+ The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and
+ possibly other versions, does not properly handle Programmable Interval
+ Timer (PIT) interrupt requests (IRQs) when a virtual interrupt controller
+ (irqchip) is not available, which allows local users to cause a denial of
+ service (NULL pointer dereference) by starting a timer.
  
  BUG: unable to handle kernel NULL pointer dereference at 0000000000000128
  IP: [<ffffffffa10f6280>] kvm_set_irq+0x30/0x170 [kvm]
  ...
  Call Trace:
  [<ffffffffa11228c1>] pit_do_work+0x51/0xd0 [kvm]
  [<ffffffff81071431>] process_one_work+0x111/0x4d0
  [<ffffffff81071bb2>] worker_thread+0x152/0x340
  [<ffffffff81075c8e>] kthread+0x7e/0x90
  [<ffffffff815a4474>] kernel_thread_helper+0x4/0x10
  
  Break-Fix: 7837699fa6d7adf81f26ab73a5f6897ea1ab9d6a 0924ab2cfa98b1ece26c033d696651fd62896c69
-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/911303

Title:
  CVE-2011-4622

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/911303/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
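The ordering hazard behind this bug, as an added user-space model written for this page (it is not KVM code and not part of the bug report): the PIT timer is armed by an ioctl, but its expiry is delivered from a deferred work item, and kvm_set_irq() in that work item dereferences per-VM interrupt state that only exists once user space has created the in-kernel irqchip. The second Break-Fix commit listed above closes the hole by refusing to arm the timer in create_pit_timer when the irqchip is absent; the structures, field names and scenario helpers below are simplified stand-ins chosen for the model, not the kernel's own.

```c
/* Added model of the CVE-2011-4622 ordering hazard; this is not KVM code.
 * In the kernel, kvm_set_irq() walks per-VM interrupt state that only exists
 * once user space has created the in-kernel irqchip. If the PIT timer is
 * armed without it, the deferred pit_do_work() later calls kvm_set_irq() on
 * a NULL pointer. Struct names and helpers here are simplified stand-ins. */
#include <stdio.h>

struct irqchip {
    int line0;          /* level of the PIT channel 0 output (IRQ 0) */
    int deliveries;     /* number of kvm_set_irq() calls that reached us */
};

struct kvm {
    struct irqchip *irqchip;   /* NULL until user space creates it */
    int pit_armed;             /* PIT timer programmed by the guest */
};

/* Stand-in for irqchip_in_kernel(): true only once the irqchip exists. */
static int irqchip_in_kernel(const struct kvm *kvm)
{
    return kvm->irqchip != NULL;
}

/* Runs in workqueue context, long after the ioctl that armed the timer
 * returned; its only job is to poke the irqchip, so it dereferences it. */
static void kvm_set_irq(struct kvm *kvm, int level)
{
    kvm->irqchip->line0 = level;      /* NULL dereference if no irqchip */
    kvm->irqchip->deliveries++;
}

/* PIT expiry handler: pulse IRQ 0. */
static void pit_do_work(struct kvm *kvm)
{
    kvm_set_irq(kvm, 1);
    kvm_set_irq(kvm, 0);
}

/* Vulnerable shape: arms unconditionally, so a VM with a PIT but no irqchip
 * leaves a callback queued that will fault on the first expiry. */
static void create_pit_timer_unchecked(struct kvm *kvm)
{
    kvm->pit_armed = 1;
}

/* Hardened shape, the same idea as the Break-Fix commit: never arm the
 * timer when there is no irqchip for the expiry to deliver to. */
static void create_pit_timer(struct kvm *kvm)
{
    if (!irqchip_in_kernel(kvm))
        return;
    kvm->pit_armed = 1;
}

/* 1 if the VM is in the crashing state: timer armed, irqchip absent. */
static int would_crash_on_expiry(const struct kvm *kvm)
{
    return kvm->pit_armed && !irqchip_in_kernel(kvm);
}

/* Simulate one expiry; only valid when would_crash_on_expiry() is 0.
 * Returns the number of kvm_set_irq() deliveries, -1 if the timer is idle. */
static int fire_timer(struct kvm *kvm)
{
    if (!kvm->pit_armed)
        return -1;
    pit_do_work(kvm);
    return kvm->irqchip->deliveries;
}

/* Three scenarios, each reduced to a checkable return value. */
static int scenario_unchecked_without_irqchip(void)
{
    struct kvm kvm = { .irqchip = NULL };
    create_pit_timer_unchecked(&kvm);
    return would_crash_on_expiry(&kvm);   /* 1: the host would oops */
}

static int scenario_checked_without_irqchip(void)
{
    struct kvm kvm = { .irqchip = NULL };
    create_pit_timer(&kvm);
    return would_crash_on_expiry(&kvm);   /* 0: timer never armed */
}

static int scenario_checked_with_irqchip(void)
{
    struct irqchip chip = { 0, 0 };
    struct kvm kvm = { .irqchip = &chip };
    create_pit_timer(&kvm);
    return fire_timer(&kvm);              /* 2: IRQ 0 raised then lowered */
}

int main(void)
{
    printf("unchecked, no irqchip: would_crash=%d\n",
           scenario_unchecked_without_irqchip());
    printf("checked, no irqchip:   would_crash=%d\n",
           scenario_checked_without_irqchip());
    printf("checked, irqchip:      deliveries=%d\n",
           scenario_checked_with_irqchip());
    return 0;
}
```

The check belongs at arm time rather than inside the expiry handler: once the work item runs there is no caller to return an error to, so the only safe option is to never queue work whose precondition (an irqchip to deliver to) is not yet met. The same pattern applies to any deferred callback that captures a pointer user space is expected, but not required, to have set up first.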
