CVE-2012-4461

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.6.9 openSUSE systemtap-runtime-debuginfo (affected versions not specified) openSUSE systemtap-sdt-devel (affected versions not specified) openSUSE systemtap (affected versions not specified) openSUSE libvmtools0 (affected versions not specified) openSUSE systemtap-client (affected versions not specified) openSUSE systemtap-client-debuginfo (affected versions not specified) openSUSE systemtap-server-debuginfo (affected versions not specified) openSUSE libvmtools0-debuginfo (affected versions not specified) openSUSE systemtap-runtime (affected versions not specified) openSUSE systemtap-server (affected versions not specified) openSUSE systemtap-debuginfo (affected versions not specified) openSUSE libvmtools-devel (affected versions not specified) openSUSE systemtap-debugsource (affected versions not specified)

Description The issue allows local users to cause a denial of service by using the KVM SET SREGS ioctl to set the X86 CR4 OSXSAVE bit in the guest cr4 register, then calling the KVM RUN ioctl. Multiple vulnerabilities in openSUSE packages may lead to disruption of protected information availability, and exploitation can be done remotely.

Recommendations For Linux kernel versions prior to 3.6.9, update to version 3.6.9 or later to resolve the issue. For openSUSE systemtap-runtime-debuginfo, systemtap-sdt-devel, systemtap, libvmtools0, systemtap-client, systemtap-client-debuginfo, systemtap-server-debuginfo, libvmtools0-debuginfo, systemtap-runtime, systemtap-server, systemtap-debuginfo, libvmtools-devel, and systemtap-debugsource, at the moment, there is no information about a newer version that contains a fix for this vulnerability.