CVE-2012-2121

Severity

49%

Complexity

39%

Confidentiality

115%

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported 13 years ago

2012-05-17 11:00:00

Last updated 7 years ago

2018-01-05 02:29:00

Affected Software

Linux Kernel

References

RHSA-2012:0676

RHSA-2012:0743

50732

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4

[oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak

1027083

USN-1577-1

USN-2036-1

USN-2037-1

https://bugzilla.redhat.com/show_bug.cgi?id=814149

https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.