CVE-2012-2121

medium

Description

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

References

https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195

https://bugzilla.redhat.com/show_bug.cgi?id=814149

http://www.ubuntu.com/usn/USN-2037-1

http://www.ubuntu.com/usn/USN-2036-1

http://www.ubuntu.com/usn/USN-1577-1

http://www.securitytracker.com/id?1027083

http://www.openwall.com/lists/oss-security/2012/04/19/16

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4

http://secunia.com/advisories/50732

http://rhn.redhat.com/errata/RHSA-2012-0743.html

http://rhn.redhat.com/errata/RHSA-2012-0676.html

Details

Source: Mitre, NVD

Published: 2012-05-17

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity: Medium