CVE-2015-4692

Опубликовано: 04 июн. 2015

Источник: redhat

CVSS2: 4.7

Описание

The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

A DoS flaw was found for a Linux kernel built for the x86 architecture which had the KVM virtualization support(CONFIG_KVM) enabled. The kernel would be vulnerable to a NULL pointer dereference flaw in Linux kernel's kvm_apic_has_events() function while doing an ioctl. An unprivileged user able to access the "/dev/kvm" device could use this flaw to crash the system kernel.

Отчет

This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1230770kernel: kvm x86: NULL pointer dereference in kvm_apic_has_events function

4.7 Medium

CVSS2

Связанные уязвимости

CVE-2015-4692

ubuntu

больше 10 лет назад

CVE-2015-4692

nvd

больше 10 лет назад

CVE-2015-4692

debian

больше 10 лет назад

The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux ...

GHSA-wqc9-vcg5-v949

github

больше 3 лет назад

SUSE-SU-2015:1324-1

suse-cvrf

больше 10 лет назад

Security update for the SUSE Linux Enterprise 12 kernel

4.7 Medium

CVSS2