CVE-2012-2121
kvm: device assignment page leak
Public Exploits: 0
Exploited in Wild: -
Descriptions
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
SSVC
- Decision: -
Timeline
- 2012-04-04 CVE Reserved
- 2012-05-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (12)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/50732 | Third Party Advisory | |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2012/04/19/16 | Mailing List | |
http://www.securitytracker.com/id?1027083 | Vdb Entry | |
https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2012-0676.html | 2018-01-05 | |
http://rhn.redhat.com/errata/RHSA-2012-0743.html | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-1577-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2036-1 | 2018-01-05 | |
http://www.ubuntu.com/usn/USN-2037-1 | 2018-01-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=814149 | 2012-06-18 | |
https://access.redhat.com/security/cve/CVE-2012-2121 | 2012-06-18 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 3.3.3 | - | Affected |