The vulnerability is caused by KVM not properly restricting the KVM_ASSIGN_PCI_DEVICE IOCTL, which can be exploited to stop PCI devices from working by sending specially crafted IOCTLs.
Solution: Restrict access to trusted users only.
Original Advisory: http://thread.gmane.org/gmane.comp.emulators.kvm.devel/82043
CVE-2011-4347 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4347): The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.
There are no longer any 2.x or <3.1.10 kernels available in the repository, with the exception of sys-kernel/xbox-sources, which is unsupported by security.
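A host-side check for the two conditions named above, a kernel older than 3.1.10 and local access to the KVM device node, written as an added example that is not part of the advisory or the bug discussion. It assumes the node is /dev/kvm and that GNU stat and getent are available; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: host audit for CVE-2011-4347 exposure (not from the advisory).
FIXED=3.1.10        # first fixed release according to the CVE text
KVM_DEV=/dev/kvm    # assumption: standard KVM device node

# kernel_is_affected RELEASE: 0 = older than 3.1.10, 1 = not older, 2 = unparseable
kernel_is_affected() {
    # Keep the leading numeric part, e.g. "3.1.9-gentoo-r1" -> "3.1.9"
    v=$(printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/')
    case $v in ''|[!0-9]*|*[!0-9.]*) return 2 ;; esac
    oldifs=$IFS; IFS=.
    set -- $v
    IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    [ "$maj" -lt 3 ] && return 0
    [ "$maj" -gt 3 ] && return 1
    [ "$min" -lt 1 ] && return 0
    [ "$min" -gt 1 ] && return 1
    [ "$pat" -lt 10 ]
}

# mode_world_accessible OCTAL_MODE: 0 if "other" has read or write on the node
mode_world_accessible() {
    other=${1#"${1%?}"}    # last octal digit = permissions for "other"
    case $other in [0-7]) ;; *) return 2 ;; esac
    [ $((other & 6)) -ne 0 ]
}

# audit_host: report kernel status and who can open the KVM device node
audit_host() {
    rel=$(uname -r)
    if kernel_is_affected "$rel"; then
        echo "kernel $rel: older than $FIXED, affected per CVE-2011-4347"
    else
        echo "kernel $rel: not older than $FIXED, or release string not parsed"
    fi
    [ -e "$KVM_DEV" ] || { echo "$KVM_DEV absent: KVM not exposed"; return 0; }
    mode=$(stat -c '%a' "$KVM_DEV"); grp=$(stat -c '%G' "$KVM_DEV")
    if mode_world_accessible "$mode"; then
        echo "$KVM_DEV mode $mode: open to every local user, restrict it"
    fi
    echo "$KVM_DEV group $grp members: $(getent group "$grp" | cut -d: -f4)"
}

# Run as: sh script.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

The group member list is the set of accounts to review against the "trusted users only" recommendation.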