Lucene search

[email protected]CVE-2012-2121

HistoryMay 17, 2012 - 11:00 a.m.

CVE-2012-2121

2012-05-1711:00:00

CWE-264

[email protected]

web.nvd.nist.gov

linux

kernel

kvm

cve-2012-2121

denial of service

memory leak

nvd

5.8 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.3.3

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.3.3

References

rhn.redhat.com/errata/RHSA-2012-0676.html

rhn.redhat.com/errata/RHSA-2012-0743.html

secunia.com/advisories/50732

www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4

www.openwall.com/lists/oss-security/2012/04/19/16

www.securitytracker.com/id?1027083

www.ubuntu.com/usn/USN-1577-1

www.ubuntu.com/usn/USN-2036-1

www.ubuntu.com/usn/USN-2037-1

bugzilla.redhat.com/show_bug.cgi?id=814149

github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195

5.8 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

25.6%

JSON

Related for CVE-2012-2121

prion1 ubuntucve1 nessus25 openvas36 centos2 redhat2 ubuntu10 oraclelinux5 fedora3 securityvulns1 osv1 debian1