Ack: Re: [CVE-2011-4347] kvm device assignment permissions checks (part 2)

Herton Ronaldo Krzesinski herton.krzesinski at
Mon Mar 12 14:43:43 UTC 2012

On Mon, Mar 12, 2012 at 02:06:34PM +0000, Andy Whitcroft wrote:
> CVE-2011-4347
> 	It was found that kvm_vm_ioctl_assign_device function did not check
> 	if the user requesting assignment was privileged or not. Together
> 	with /dev/kvm being 666, unprivileged user could assign unused
> 	pci devices, or even devices that were in use and whose resources
> 	were not properly claimed by the respective drivers.  Please note
> 	that privileged access was still needed to re-program the device
> 	to for example issue DMA requests. This is typically achieved by
> 	touching files on sysfs filesystem. These files are usually not
> 	accessible to unprivileged users.  As a result, local user could
> 	use this flaw to crash the system.
> It seems that there are actually two patches required to completely
> close this flaw, this update carries the second patch.  This issue only
> applied to lucid and later, and fixes for this have hit precise already
> via mainline.  ARM is unaffected as KVM does not apply there.  Following
> this email are three patches.  The first (for lucid) is a trivial backport
> tracking code location changes.  The second (for maverick and natty) is
> a trivial backport tracking the introduction of the KVM documentation.
> The third (for oneiric) is a simple cherry-pick.  In all cases the code
> change applied without reject.
> Proposing for lucid, maverick, natty, and oneiric.
> -apw
> -- 
> kernel-team mailing list
> kernel-team at


More information about the kernel-team mailing list