CVE-2012-2121 - Acceptive Control

Description

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=814149 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4 http://www.openwall.com/lists/oss-security/2012/04/19/16 https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195 http://www.securitytracker.com/id?1027083 http://rhn.redhat.com/errata/RHSA-2012-0743.html http://www.ubuntu.com/usn/USN-1577-1 http://secunia.com/advisories/50732 http://www.ubuntu.com/usn/USN-2037-1 http://www.ubuntu.com/usn/USN-2036-1 http://rhn.redhat.com/errata/RHSA-2012-0676.html