Security restrictions bypass in Linux kernel - CVE-2012-2121
Published: May 17, 2012 / Updated: January 5, 2018
Vulnerability identifier: #VU92812
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-2121
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
How to mitigate CVE-2012-2121
Install update from vendor's repository.
Sources
- http://rhn.redhat.com/errata/RHSA-2012-0676.html
- http://rhn.redhat.com/errata/RHSA-2012-0743.html
- http://secunia.com/advisories/50732
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4
- http://www.openwall.com/lists/oss-security/2012/04/19/16
- http://www.securitytracker.com/id?1027083
- http://www.ubuntu.com/usn/USN-1577-1
- http://www.ubuntu.com/usn/USN-2036-1
- http://www.ubuntu.com/usn/USN-2037-1
- https://bugzilla.redhat.com/show_bug.cgi?id=814149
- https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195