
CVE-2011-4347

Published: 20 Nov 2011
Source: redhat
CVSS2: 4
EPSS: Low

Description

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Report

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. A future kvm update in Red Hat Enterprise 5 may address this flaw.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kernel | Not affected | | |
| Red Hat Enterprise Linux 5 | kvm | Affected | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected | | |
| Red Hat Enterprise Linux 5 | kvm | Fixed | RHSA-2012:0149 | 21.02.2012 |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2012:0350 | 06.03.2012 |
| Red Hat Enterprise Linux 6.1 EUS - Server Only | kernel | Fixed | RHSA-2012:1042 | 26.06.2012 |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=756084 (kernel: kvm: device assignment DoS)

EPSS

Percentile: 15%
0.00049
Low

CVSS2: 4 Medium

Related vulnerabilities

ubuntu
about 12 years ago

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

nvd
about 12 years ago

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

debian
about 12 years ago

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in ...

github
about 3 years ago

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

oracle-oval
more than 13 years ago

ELSA-2012-0149: kvm security and bug fix update (MODERATE)