QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4347

Published: Jun 8, 2013

Modified: Aug 7, 2024

PUBLISHED

Description

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20111124 Re: CVE request -- kernel: kvm: device assignment DoS

mailing-list

x_refsource_MLIST

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=756084

x_refsource_CONFIRM

https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.