{ "threat_severity" : "Moderate", "public_date" : "2012-02-07T00:00:00Z", "bugzilla" : { "description" : "kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency", "id" : "808199", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=808199" }, "cvss" : { "cvss_base_score" : "4.0", "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:N/I:N/A:C", "status" : "verified" }, "details" : [ "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists." ], "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. This has been addressed in Red Hat Enterprise Linux 5 via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2012-05-21T00:00:00Z", "advisory" : "RHSA-2012:0676", "cpe" : "cpe:/a:redhat:rhel_virtualization:5", "package" : "kvm-0:83-249.el5_8.4" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2012-05-15T00:00:00Z", "advisory" : "RHSA-2012:0571", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-220.17.1.el6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Affected", "package_name" : "kvm", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "realtime-kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-1601\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-1601" ], "name" : "CVE-2012-1601", "csaw" : false }