Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2012-4461

Date: January 22, 2013

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl.

Language: C

Severity Score

Related Resources (15)

http://secunia.com/advisories/51160
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9
http://rhn.redhat.com/errata/RHSA-2013-0882.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git%3Ba=commit%3Bh=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9
https://access.redhat.com/security/cve/CVE-2012-4461
https://bugzilla.redhat.com/show_bug.cgi?id=862900
http://rhn.redhat.com/errata/RHSA-2013-0223.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2012-4461
https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html
http://www.openwall.com/lists/oss-security/2012/11/06/14
https://nvd.nist.gov/vuln/detail/CVE-2012-4461
http://www.securityfocus.com/bid/56414
http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742
https://www.mend.io/vulnerability-database/CVE-2012-4461

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us