Bug 756084 - (CVE-2011-4347) CVE-2011-4347 kernel: kvm: device assignment DoS
CVE-2011-4347 kernel: kvm: device assignment DoS
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 756092 756093 770094 770095 770096 770097 770098 771678 816630
Blocks: 755387
  Show dependency treegraph
Reported: 2011-11-22 11:41 EST by Petr Matousek
Modified: 2016-11-08 10:58 EST (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-09-18 07:58:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Petr Matousek 2011-11-22 11:41:57 EST
It was found that kvm_vm_ioctl_assign_device function did not check if the user requesting assignment was privileged or not. Together with /dev/kvm being 666, unprivileged user could assign unused pci devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers.

Please note that privileged access was still needed to re-program the device to for example issue DMA requests. This is typically achieved by touching files on sysfs filesystem. These files are usually not accessible to unprivileged users.

As a result, local user could use this flaw to crash the system.



Red Hat would like to thank Sasha Levin for reporting this issue.
Comment 6 Petr Matousek 2011-12-23 06:05:58 EST
Created kernel tracking bugs for this issue

Affects: fedora-all [bug 770096]
Comment 7 Petr Matousek 2012-01-18 16:03:36 EST

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. A future kvm update in Red Hat Enterprise 5 may address this flaw.
Comment 8 errata-xmlrpc 2012-02-20 22:15:26 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2012:0149 https://rhn.redhat.com/errata/RHSA-2012-0149.html
Comment 10 errata-xmlrpc 2012-03-06 13:45:00 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0350 https://rhn.redhat.com/errata/RHSA-2012-0350.html
Comment 12 errata-xmlrpc 2012-06-26 14:41:28 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6.1 EUS - Server Only

Via RHSA-2012:1042 https://rhn.redhat.com/errata/RHSA-2012-1042.html

Note You need to log in before you can comment on or make changes to this bug.