oss-sec mailing list archives

Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences

From: cve-assign () mitre org
Date: Mon, 26 Aug 2013 12:52:26 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Linux kernel built for the ARM(CONFIG_ARM) platform along with the Kernel
based Virtual Machine support(CONFIG_KVM), is vulnerable to a NULL pointer
dereference flaw. It occurs while performing an ioctl(KVM_GET_REG_LIST) call
on the KVM device, without first properly initialising a vCPU.

An unprivileged user/program could use this flaw to crash the kernel resulting
in DoS.

Upstream fix:
  -> https://git.kernel.org/linus/e8180dcaa8470ceca21109f143876fdcd9fe050a


Use CVE-2013-5634.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSG4afAAoJEGvefgSNfHMdiiUH/R9Y7Hn2tI0UUFA0FJluFNdx
xgZ0u1hxFkpEJ69O6FM5qKmH+TSfF/Jq27WIIjAwLPYA44bAqn3VeVukt/VpZPQj
FCHGcJIDNnwV8n+R29rUPUMQ6VaENDM0aJSWuDlo3puTndNiXX/6vGyh1QXNBfBm
uQHjvwIpOOErQibj2yReJoRJeIZkOJyf8oxJYp0yc+oE1ICbJ+yCCVfTCNBOQXhW
U6EzqiMKAsg1+IgMgJXlD9imf8q8X7kDGnhMq/iWzODeFTpNXtgtAEVp5Ng0irNm
08/zGfMH8F2u+OxFIwzcOc4Y+GYXUcGHHS2GKT399HXwrLUt64sxL5fOots/YxM=
=cONI
-----END PGP SIGNATURE-----

Current thread:

CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences P J P (Aug 26)
- Re: CVE request: Linux Kernel: ARM: KVM: NULL pointer dereferences cve-assign (Aug 26)