#VU92812 Security restrictions bypass in Linux kernel - CVE-2012-2121

Cybersecurity Help s.r.o.

Published: 2012-05-17 | Updated: 2018-01-05

Vulnerability identifier: #VU92812

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-2121

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://rhn.redhat.com/errata/RHSA-2012-0676.html
https://rhn.redhat.com/errata/RHSA-2012-0743.html
https://secunia.com/advisories/50732
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4
https://www.openwall.com/lists/oss-security/2012/04/19/16
https://www.securitytracker.com/id?1027083
https://www.ubuntu.com/usn/USN-1577-1
https://www.ubuntu.com/usn/USN-2036-1
https://www.ubuntu.com/usn/USN-2037-1
https://bugzilla.redhat.com/show_bug.cgi?id=814149
https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in Linux kernel