CVE-2011-4622

Name of the Vulnerable Software and Affected Versions openSUSE (affected versions not specified) KVM version 83

Description The issue is related to multiple vulnerabilities in various packages of the openSUSE operating system and a vulnerability in the KVM hypervisor. These vulnerabilities can lead to a denial of service (NULL pointer dereference) and potentially allow local users to cause a disruption in the availability of protected information. The vulnerabilities can be exploited remotely. In the case of KVM, the create pit timer function does not properly handle Programmable Interval Timer (PIT) interrupt requests when a virtual interrupt controller is not available.

Recommendations For openSUSE, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For KVM version 83, consider disabling the create pit timer function as a temporary workaround until a patch is available. Restrict access to the kvm set irq function to minimize the risk of exploitation. Avoid using the pit do work function in the affected KVM version until the issue is resolved.