Division by zero in Linux kernel - CVE-2015-7513

Detailed vulnerability description

The vulnerability allows a local user to a crash the entire system.

The vulnerability exists due to a division by zero error within the kvm_vm_ioctl_get_pit(), kvm_vm_ioctl_get_pit2() and kvm_vm_ioctl_set_pit2() functions in arch/x86/kvm/x86.c. A local user can a crash the entire system.

How to mitigate CVE-2015-7513

Sources

• https://bugzilla.redhat.com/show_bug.cgi?id=1284847
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0185604c2d82c560dab2f2933a18f797e74ab5a8
• https://github.com/torvalds/linux/commit/0185604c2d82c560dab2f2933a18f797e74ab5a8
• http://www.openwall.com/lists/oss-security/2016/01/07/2
• http://www.ubuntu.com/usn/USN-2889-1
• http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
• http://www.ubuntu.com/usn/USN-2890-1
• http://www.ubuntu.com/usn/USN-2890-3
• http://www.ubuntu.com/usn/USN-2887-2
• http://www.ubuntu.com/usn/USN-2890-2
• http://www.ubuntu.com/usn/USN-2887-1
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175792.html
• http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
• http://www.ubuntu.com/usn/USN-2888-1
• http://www.ubuntu.com/usn/USN-2886-1
• http://www.ubuntu.com/usn/USN-2889-2
• http://www.securityfocus.com/bid/79901
• http://www.securitytracker.com/id/1034602
• http://www.debian.org/security/2016/dsa-3434