Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 412885 (CVE-2012-2121)

Summary: Kernel: kvm Device Mapping Memory Leak Denial of Service Vulnerability (CVE-2012-2121)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED OBSOLETE    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://secunia.com/advisories/48852/
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-04-21 09:33:08 UTC 
From secunia advisory at $URL:

Description
A vulnerability has been reported in KVM, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due a memory leak error when unpinning device mappings from the IOMMU. This can be exploited to exhaust memory and render the system unusable by unplugging and plugging certain devices.


Solution
Fixed in the GIT repository.

Original Advisory
https://lkml.org/lkml/2012/4/11/248
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2012-04-21 17:21:09 UTC 
This bug is not in the user space component. This is a bug in the kernel. Please change it to the kernel and ask the gentoo-sources guys to fix it.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 18:11:11 UTC 
There are no longer any 2.x or <3.3.x kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.