4
CVE-2011-4347
- EPSS 0.37%
- Veröffentlicht 08.06.2013 13:05:55
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 3.1.9
Linux ≫ Linux Kernel Version3.1.1
Linux ≫ Linux Kernel Version3.1.2
Linux ≫ Linux Kernel Version3.1.3
Linux ≫ Linux Kernel Version3.1.4
Linux ≫ Linux Kernel Version3.1.5
Linux ≫ Linux Kernel Version3.1.6
Linux ≫ Linux Kernel Version3.1.7
Linux ≫ Linux Kernel Version3.1.8
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.284 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 1.9 | 6.9 |
AV:L/AC:H/Au:N/C:N/I:N/A:C
|
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.10
http://www.openwall.com/lists/oss-security/2011/11/24/7
https://bugzilla.redhat.com/show_bug.cgi?id=756084
https://github.com/torvalds/linux/commit/c4e7f9022e506c6635a5037713c37118e23193e4