CVE-2011-4347
Last modified
CVE-2011-4347 is a vulnerability of currently unknown severity. The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.1.9 |
| Linux | Linux Kernel | 3.1.1 |
| Linux | Linux Kernel | 3.1.2 |
| Linux | Linux Kernel | 3.1.3 |
| Linux | Linux Kernel | 3.1.4 |
| Linux | Linux Kernel | 3.1.5 |
| Linux | Linux Kernel | 3.1.6 |
| Linux | Linux Kernel | 3.1.7 |
| Linux | Linux Kernel | 3.1.8 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=756084 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
