Vulnerability ID 4488

Linux Kernel arch/x86/kvm/i8254.c create_pit_timer() denial of service

Linux
CVSSv2 Temp Score: 4.3
Current Exploit Price: $0-$1k

A vulnerability was found in the Linux Kernel (the affected version is unknown). It has been classified as problematic. It affects the function create_pit_timer() in the file arch/x86/kvm/i8254.c. Manipulation with an unknown input leads to a denial of service, which impacts availability.

The weakness was disclosed on 12/14/2011. The advisory is available at permalink.gmane.org. The vulnerability has been tracked as CVE-2011-4622 since 11/29/2011. Exploitation is said to be easy. The attack requires local access. Exploitation does not require any form of authentication. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 68434 (Oracle Linux 5 : kvm (ELSA-2012-0051)), which helps to determine whether the flaw exists in a target environment. It is assigned to the family Oracle Linux Local Security Checks and relies on port 0.

Applying a patch eliminates this problem. The bugfix is available at permalink.gmane.org. A possible mitigation was published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at OSVDB (77985), SecurityFocus (BID 51172), Secunia (SA47293) and SecurityTracker (ID 1026559).

CVSS

Base Score: 4.9 (CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)
Temp Score: 4.3 (CVSS2#E:ND/RL:OF/RC:ND)

Exploiting

Class: Denial of service
Local: Yes
Remote: No

Availability: No

Nessus ID: 68434
Nessus Name: Oracle Linux 5 : kvm (ELSA-2012-0051)
Nessus File: ala_ALAS-2012-55.nasl
Nessus Family: Oracle Linux Local Security Checks
Nessus Port: 0
OpenVAS ID: 892389
OpenVAS Name: Debian Security Advisory DSA 2389-1 (linux-2.6 - privilege escalation/denial of service/information leak)
OpenVAS File: deb_2389_1.nasl
OpenVAS Family: Debian Local Security Checks

Countermeasures

Recommended: Patch
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Patch: permalink.gmane.org

Timeline

12/24/2010 | VulnerabilityCenter entry assigned
02/22/2011 | VulnerabilityCenter entry created
11/29/2011 | CVE assigned
12/14/2011 | Advisory disclosed
12/14/2011 | Countermeasure disclosed
12/22/2011 | OSVDB entry created
01/21/2012 | VulDB entry created
01/27/2012 | NVD disclosed
07/12/2013 | Nessus plugin released
03/22/2015 | VulnerabilityCenter entry updated
07/08/2015 | VulDB entry updated

Sources

Advisory: permalink.gmane.org
Confirmation: bugzilla.redhat.com

CVE: CVE-2011-4622 (mitre.org) (nvd.nist.org) (cvedetails.com)

OSVDB: 77985 - Linux Kernel arch/x86/kvm/i8254.c create_pit_timer() Function PIT Configuring Local DoS
SecurityFocus: 51172 - Linux Kernel KVM 'create_pit_timer()' Function Local Denial of Service Vulnerability
Secunia: 47293 - Linux Kernel KVM PIT Denial of Service Vulnerability, Not Critical
SecurityTracker: 1026559 - KVM PIT IRQ Bug Lets Local Users Deny Service
Vulnerability Center: 29893 - IBM Tivoli Access Manager for e-business 6.1.1 Remote Information Disclosure Vulnerability, Medium

Entry

Created: 01/21/2012
Updates: 07/08/2015
Entry: 90.1% complete