CVE-2012-2137 — MEDIUM (6.9)

Q: How severe is CVE-2012-2137?

CVE-2012-2137 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2137?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.

Vulnerability Description

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.33, < 3.0.72
Canonical	Ubuntu Linux	10.04

Related Weaknesses (CWE)

CWE-119

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=139447903326211&w=2Mailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0743.htmlThird Party Advisory
http://secunia.com/advisories/50952Broken Link
http://secunia.com/advisories/50961Broken Link
http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overfloThird Party Advisory
http://ubuntu.com/usn/usn-1529-1Third Party Advisory
http://ubuntu.com/usn/usn-1607-1Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24Vendor Advisory
http://www.securityfocus.com/bid/54063Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1594-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1606-1Third Party Advisory
http://www.ubuntu.com/usn/USN-1609-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=816151Issue TrackingThird Party Advisory

FAQ

What is CVE-2012-2137?

CVE-2012-2137 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors re...

How severe is CVE-2012-2137?

CVE-2012-2137 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2137?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux.