Published: 08/06/2013 Updated: 10/06/2013

CVSS v2 Base Score: 4 | Impact Score: 6.9 | Exploitability Score: 1.9

VMScore: 357

Vector: AV:L/AC:H/Au:N/C:N/I:N/A:C

The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel prior to 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.1.3
linux linux kernel 3.1.2
linux linux kernel 3.1.1
linux linux kernel 3.1.8
linux linux kernel 3.1.5
linux linux kernel
linux linux kernel 3.1.7
linux linux kernel 3.1.6
linux linux kernel 3.1.4

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-4307 Nageswara R Sastry reported an issue in the ext4 filesystem Local users with the privileges to mount a filesystem c ...

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kernel packages that fix various security issues and several bugsare now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity ...

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix various security issues and three bugs arenow available for Red Hat Enterprise Linux 61 Extended Update SupportThe Red Hat Security Response Team has rated this update a ...

Synopsis Moderate: kvm security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated kvm packages that fix one security issue and several bugs are nowavailable for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact A C ...

Several security issues were fixed in the kernel ...

A buffer overflow flaw was found in the way the Linux kernel's XFS file system implementation handled links with overly long path names A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially-crafted disk (CVE-2011-4077, Moderate) Flaws in ghash_update() and ghash_final() co ...

CWE-264 https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4 https://bugzilla.redhat.com/show_bug.cgi?id=756084 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10 http://www.openwall.com/lists/oss-security/2011/11/24/7 https://nvd.nist.gov https://www.debian.org/security/./dsa-2443 https://usn.ubuntu.com/1422-1/

Get Started

CVE-2011-4347

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect