Date: Thu, 24 Nov 2011 10:57:44 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- kernel: kvm: device assignment DoS On 11/24/2011 10:49 AM, Petr Matousek wrote: > It was found that kvm_vm_ioctl_assign_device function did not check if > the user requesting assignment was privileged or not. Together with > /dev/kvm being 666, unprivileged user could assign unused pci devices, > or even devices that were in use and whose resources were not properly > claimed by the respective drivers. > > Please note that privileged access was still needed to re-program the > device to for example issue DMA requests. This is typically achieved by > touching files on sysfs filesystem. These files are usually not > accessible to unprivileged users. > > As a result, local user could use this flaw to crash the system. > > Reference: > https://bugzilla.redhat.com/show_bug.cgi?id=756084 > http://thread.gmane.org/gmane.comp.emulators.kvm.devel/82043 > > Thanks, Please use CVE-2011-4347 for this issue. -- -Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ