rhsa-2012_0676
Vulnerability from csaf_redhat
Published
2012-05-21 13:47
Modified
2024-11-05 17:45
Summary
Red Hat Security Advisory: kvm security and bug fix update
Notes
Topic
Updated kvm packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.
A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled.
Calling this ioctl when at least one virtual CPU (VCPU) already existed
could lead to a NULL pointer dereference later when the VCPU is scheduled
to run. A malicious user in the kvm group on the host could use this flaw
to crash the host. (CVE-2012-1601)
A flaw was found in the way device memory was handled during guest device
removal. Upon successful device removal, memory used by the device was not
properly unmapped from the corresponding IOMMU or properly released from
the kernel, leading to a memory leak. A malicious user in the kvm group on
the host who has the ability to assign a device to a guest could use this
flaw to crash the host. (CVE-2012-2121)
This update also fixes the following bug:
* An off-by-one error in the QEMU guest's memory management could, in rare
cases, cause QEMU-KVM to crash due to a segmentation fault in
tb_invalidate_phys_page_range() if a device initiated DMA into a specific
guest address. In a reported case, this issue presented on a system that
had a guest using the 8139cp network driver. (BZ#816207)
All users of kvm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note that the procedure
in the Solution section must be performed before this update will take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated kvm packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for\nLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for\nthe standard Red Hat Enterprise Linux kernel.\n\nA flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled.\nCalling this ioctl when at least one virtual CPU (VCPU) already existed\ncould lead to a NULL pointer dereference later when the VCPU is scheduled\nto run. A malicious user in the kvm group on the host could use this flaw\nto crash the host. (CVE-2012-1601)\n\nA flaw was found in the way device memory was handled during guest device\nremoval. Upon successful device removal, memory used by the device was not\nproperly unmapped from the corresponding IOMMU or properly released from\nthe kernel, leading to a memory leak. A malicious user in the kvm group on\nthe host who has the ability to assign a device to a guest could use this\nflaw to crash the host. (CVE-2012-2121)\n\nThis update also fixes the following bug:\n\n* An off-by-one error in the QEMU guest\u0027s memory management could, in rare\ncases, cause QEMU-KVM to crash due to a segmentation fault in\ntb_invalidate_phys_page_range() if a device initiated DMA into a specific\nguest address. In a reported case, this issue presented on a system that\nhad a guest using the 8139cp network driver. (BZ#816207)\n\nAll users of kvm are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. Note that the procedure\nin the Solution section must be performed before this update will take\neffect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2012:0676",
"url": "https://access.redhat.com/errata/RHSA-2012:0676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "808199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"
},
{
"category": "external",
"summary": "814149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814149"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0676.json"
}
],
"title": "Red Hat Security Advisory: kvm security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T17:45:34+00:00",
"generator": {
"date": "2024-11-05T17:45:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2012:0676",
"initial_release_date": "2012-05-21T13:47:00+00:00",
"revision_history": [
{
"date": "2012-05-21T13:47:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2012-05-21T13:49:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T17:45:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL Desktop Multi OS (v. 5 client)",
"product": {
"name": "RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_virtualization:5::client"
}
}
},
{
"category": "product_name",
"name": "RHEL Virtualization (v. 5 server)",
"product": {
"name": "RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_virtualization:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-tools-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kvm-tools-0:83-249.el5_8.4.x86_64",
"product_id": "kvm-tools-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-tools@83-249.el5_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"product_id": "kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-debuginfo@83-249.el5_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"product_id": "kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm-qemu-img@83-249.el5_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kvm-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kvm-0:83-249.el5_8.4.x86_64",
"product_id": "kvm-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm@83-249.el5_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kmod-kvm-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kmod-kvm-0:83-249.el5_8.4.x86_64",
"product_id": "kmod-kvm-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kmod-kvm@83-249.el5_8.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"product": {
"name": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"product_id": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kmod-kvm-debug@83-249.el5_8.4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kvm-0:83-249.el5_8.4.src",
"product": {
"name": "kvm-0:83-249.el5_8.4.src",
"product_id": "kvm-0:83-249.el5_8.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kvm@83-249.el5_8.4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kmod-kvm-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-249.el5_8.4.src as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src"
},
"product_reference": "kvm-0:83-249.el5_8.4.src",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-debuginfo-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-qemu-img-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-tools-0:83-249.el5_8.4.x86_64 as a component of RHEL Desktop Multi OS (v. 5 client)",
"product_id": "5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-tools-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Client-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kmod-kvm-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-249.el5_8.4.src as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src"
},
"product_reference": "kvm-0:83-249.el5_8.4.src",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-debuginfo-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-qemu-img-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kvm-tools-0:83-249.el5_8.4.x86_64 as a component of RHEL Virtualization (v. 5 server)",
"product_id": "5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
},
"product_reference": "kvm-tools-0:83-249.el5_8.4.x86_64",
"relates_to_product_reference": "5Server-VT-5.8.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2012-1601",
"discovery_date": "2012-03-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "808199"
}
],
"notes": [
{
"category": "description",
"text": "The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: kvm: irqchip_in_kernel() and vcpu-\u003earch.apic inconsistency",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0571.html. This has been addressed in Red Hat Enterprise Linux 5 via RHSA-2012:0676 https://rhn.redhat.com/errata/RHSA-2012-0676.html.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-1601"
},
{
"category": "external",
"summary": "RHBZ#808199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=808199"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-1601",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-1601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1601"
}
],
"release_date": "2012-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-05-21T13:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.",
"product_ids": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0676"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: kvm: irqchip_in_kernel() and vcpu-\u003earch.apic inconsistency"
},
{
"cve": "CVE-2012-2121",
"discovery_date": "2012-04-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "814149"
}
],
"notes": [
{
"category": "description",
"text": "The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kvm: device assignment page leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2012-2121"
},
{
"category": "external",
"summary": "RHBZ#814149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=814149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2012-2121",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-2121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2121"
}
],
"release_date": "2012-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2012-05-21T13:47:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nThe following procedure must be performed before this update will take\neffect:\n\n1) Stop all KVM guest virtual machines.\n\n2) Either reboot the hypervisor machine or, as the root user, remove (using\n\"modprobe -r [module]\") and reload (using \"modprobe [module]\") all of the\nfollowing modules which are currently running (determined using \"lsmod\"):\nkvm, ksm, kvm-intel or kvm-amd.\n\n3) Restart the KVM guest virtual machines.",
"product_ids": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2012:0676"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.7,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"5Client-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Client-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Client-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kmod-kvm-debug-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.src",
"5Server-VT-5.8.Z:kvm-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-debuginfo-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-qemu-img-0:83-249.el5_8.4.x86_64",
"5Server-VT-5.8.Z:kvm-tools-0:83-249.el5_8.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kvm: device assignment page leak"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.