APPLIED: [CVE-2011-4347] kvm device assignment permissions checks
Tim Gardner
rtg.canonical at gmail.com
Tue Feb 28 17:19:25 UTC 2012
On 02/28/2012 08:11 AM, Andy Whitcroft wrote:
> CVE-2011-4347
> It was found that kvm_vm_ioctl_assign_device function did not check
> if the user requesting assignment was privileged or not. Together
> with /dev/kvm being 666, unprivileged user could assign unused
> pci devices, or even devices that were in use and whose resources
> were not properly claimed by the respective drivers. Please note
> that privileged access was still needed to re-program the device
> to for example issue DMA requests. This is typically achieved by
> touching files on sysfs filesystem. These files are usually not
> accessible to unprivileged users. As a result, local user could
> use this flaw to crash the system.
>
> Following this email are two patches. The first is for lucid and is a
> backport from the upstream commit following the code back to an older
> filename. The second is for maverick, natty, and oneiric and is also a
> minor backport from the upstream commit, dropping the documentation
> updates for the older releases.
>
> Proposing for lucid, maverick, natty and oneiric.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list