397945 – kernel: KVM KVM_ASSIGN_PCI_DEVICE IOCTL DoS Vulnerability (CVE-2011-4347)

Bug 397945 - kernel: KVM KVM_ASSIGN_PCI_DEVICE IOCTL DoS Vulnerability (CVE-2011-4347)

Summary: kernel: KVM KVM_ASSIGN_PCI_DEVICE IOCTL DoS Vulnerability (CVE-2011-4347)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Kernel Security

URL:	http://secunia.com/advisories/47431/
Whiteboard:	[linux >= 2.6]
Keywords:

Depends on:
Blocks:

Reported:	2012-01-06 23:54 UTC by Michael Harrison
Modified:	2018-04-04 17:50 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Harrison 2012-01-06 23:54:02 UTC

The vulnerability is caused due to KVM not properly restricting the KVM_ASSIGN_PCI_DEVICE IOCTL, which can be exploited to stop PCI devices from working by sending specially crafted IOCTLs.

Solution:
Restrict access to trusted users only.

Original Advisory
http://thread.gmane.org/gmane.comp.emulators.kvm.devel/82043

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2013-08-31 18:56:03 UTC

CVE-2011-4347 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4347):
  The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the
  KVM subsystem in the Linux kernel before 3.1.10 does not verify permission
  to access PCI configuration space and BAR resources, which allows host OS
  users to assign PCI devices and cause a denial of service (host OS crash)
  via a KVM_ASSIGN_PCI_DEVICE operation.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 17:50:03 UTC

There are no longer any 2.x or <3.1.10 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.