[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2137Date: (C)2013-01-23   (M)2024-03-08


Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-50952
SECUNIA-50961
BID-54063
HPSBGN02970
RHSA-2012:0743
USN-1529-1
USN-1594-1
USN-1606-1
USN-1607-1
USN-1609-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed
http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
https://bugzilla.redhat.com/show_bug.cgi?id=816151
openSUSE-SU-2013:0925

CWE    1
CWE-119
OVAL    10
oval:org.secpod.oval:def:701041
oval:org.secpod.oval:def:700956
oval:org.secpod.oval:def:1503695
oval:org.secpod.oval:def:701046
...

© SecPod Technologies