412885 – (CVE-2012-2121) Kernel: kvm Device Mapping Memory Leak Denial of Service Vulnerability (CVE-2012-2121)

Bug 412885 (CVE-2012-2121) - Kernel: kvm Device Mapping Memory Leak Denial of Service Vulnerability (CVE-2012-2121)

Summary: Kernel: kvm Device Mapping Memory Leak Denial of Service Vulnerability (CVE-2...

Status:	RESOLVED OBSOLETE

Alias:	CVE-2012-2121

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Kernel Security

URL:	https://secunia.com/advisories/48852/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-21 09:33 UTC by Agostino Sarubbo
Modified:	2018-04-04 18:11 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2012-04-21 09:33:08 UTC

From secunia advisory at $URL:

Description
A vulnerability has been reported in KVM, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due a memory leak error when unpinning device mappings from the IOMMU. This can be exploited to exhaust memory and render the system unusable by unplugging and plugging certain devices.


Solution
Fixed in the GIT repository.

Original Advisory
https://lkml.org/lkml/2012/4/11/248

Comment 1 Doug Goldstein (RETIRED) gentoo-dev

2012-04-21 17:21:09 UTC

This bug is not in the user space component. This is a bug in the kernel. Please change it to the kernel and ask the gentoo-sources guys to fix it.

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-04-04 18:11:11 UTC

There are no longer any 2.x or <3.3.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.