CVE-2012-2121

medium

Description

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

References

http://rhn.redhat.com/errata/RHSA-2012-0676.html

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://secunia.com/advisories/50732

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4

http://www.openwall.com/lists/oss-security/2012/04/19/16

http://www.securitytracker.com/id?1027083

http://www.ubuntu.com/usn/USN-1577-1

http://www.ubuntu.com/usn/USN-2036-1

http://www.ubuntu.com/usn/USN-2037-1

https://bugzilla.redhat.com/show_bug.cgi?id=814149

https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195

Details

Source: MITRE

Published: 2012-05-17

Updated: 2018-01-05

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM