CVE-2012-2121
First published: Thu Apr 19 2012(Updated: )
KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory using get_user_pages and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. The problem is that those pages are now never unpinned and continue to have an increased reference count. This is therefore a potential page leak from the kvm kernel module. On Red Hat Enterprise Linux, local user with ability to assign device (with access to PCI sysfs files for a device) could use this flaw to DoS the system. With upstream qemu-kvm/kvm privileged guest user that could hotunplug and then hotplug back certain devices could potentially use this flaw to DoS the host. Upstream fixes: <a href="http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=32f6daad4651a748a58a3ab6da0611862175722f">http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=32f6daad4651a748a58a3ab6da0611862175722f</a> <a href="http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=21a1416a1c945c5aeaeaf791b63c64926018eb77">http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=21a1416a1c945c5aeaeaf791b63c64926018eb77</a> References: <a href="https://lkml.org/lkml/2012/4/11/248">https://lkml.org/lkml/2012/4/11/248</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=3.3.3 | |
| debian/linux-2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-0676.html
- http://rhn.redhat.com/errata/RHSA-2012-0743.html
- http://secunia.com/advisories/50732
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4
- http://www.openwall.com/lists/oss-security/2012/04/19/16
- http://www.securitytracker.com/id?1027083
- http://www.ubuntu.com/usn/USN-1577-1
- http://www.ubuntu.com/usn/USN-2036-1
- http://www.ubuntu.com/usn/USN-2037-1
- https://bugzilla.redhat.com/show_bug.cgi?id=814149
- https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195
- https://launchpad.net/bugs/cve/CVE-2012-2121
- http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=32f6daad4651a748a58a3ab6da0611862175722f
- http://git.kernel.org/?p=virt/kvm/kvm.git;a=commit;h=21a1416a1c945c5aeaeaf791b63c64926018eb77
- https://lkml.org/lkml/2012/4/11/248
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=814155
- https://rhn.redhat.com/errata/RHSA-2012-0676.html
- https://rhn.redhat.com/errata/RHSA-2012-0743.html
- https://security-tracker.debian.org/tracker/CVE-2012-2121
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2121
- https://nvd.nist.gov/vuln/detail/CVE-2012-2121
- https://ubuntu.com/security/CVE-2012-2121
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-2121
- agent/author
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/severity
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/description
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.3.3
- package-manager/debian