Vulnerability Details : CVE-2012-1179
The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-1179
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.2
|
MEDIUM | AV:A/AC:M/Au:S/C:N/I:N/A:C |
4.4
|
6.9
|
NIST |
CWE ids for CVE-2012-1179
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1179
-
http://www.openwall.com/lists/oss-security/2012/03/15/7
oss-security - CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()
-
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html
[security-announce] SUSE-SU-2012:0554-1: important: Security update for
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075781.html
[SECURITY] Fedora 16 Update: kernel-3.2.10-3.fc16
-
http://rhn.redhat.com/errata/RHSA-2012-0743.html
RHSA-2012:0743 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=803793
803793 – (CVE-2012-1179) CVE-2012-1179 kernel: thp:__split_huge_page() mapcount != page_mapcount BUG_ON()
-
http://www.securitytracker.com/id?1027084
Linux Kernel KVM pmd_none_or_clear_bad() Bug Lets Local Guest Users Cause Denial of Service Conditions on the Host System - SecurityTracker
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.1
-
https://github.com/torvalds/linux/commit/4a1d704194a441bf83c636004a479e01360ec850
mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read… · torvalds/linux@4a1d704 · GitHub
-
http://marc.info/?l=bugtraq&m=139447903326211&w=2
'[security bulletin] HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server ' - MARC
Products affected by CVE-2012-1179
- cpe:2.3:o:linux:linux_kernel:*:rc7:*:*:*:*:*:*