Vulnerability Description
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.1.9 |
Related Weaknesses (CWE)
References
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10
- http://www.openwall.com/lists/oss-security/2011/11/24/7
- https://bugzilla.redhat.com/show_bug.cgi?id=756084Vendor Advisory
- https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10
- http://www.openwall.com/lists/oss-security/2011/11/24/7
- https://bugzilla.redhat.com/show_bug.cgi?id=756084Vendor Advisory
- https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e
FAQ
What is CVE-2011-4347?
CVE-2011-4347 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources...
How severe is CVE-2011-4347?
CVE-2011-4347 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4347?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.