FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

LinkBack Thread Tools
Old 03-12-2012, 01:19 PM
Stefan Bader
Default ACK w/cmnt: kvm device assignment permissions checks (part 2)

On 12.03.2012 15:06, Andy Whitcroft wrote:
> CVE-2011-4347
> It was found that kvm_vm_ioctl_assign_device function did not check
> if the user requesting assignment was privileged or not. Together
> with /dev/kvm being 666, unprivileged user could assign unused
> pci devices, or even devices that were in use and whose resources
> were not properly claimed by the respective drivers. Please note
> that privileged access was still needed to re-program the device
> to for example issue DMA requests. This is typically achieved by
> touching files on sysfs filesystem. These files are usually not
> accessible to unprivileged users. As a result, local user could
> use this flaw to crash the system.
> It seems that there are actually two patches required to completely
> close this flaw, this update carries the second patch. This issue only
> applied to lucid and later, and fixes for this have hit precise already
> via mainline. ARM is unaffected as KVM does not apply there. Following
> this email are three patches. The first (for lucid) is a trivial backport
> tracking code location changes. The second (for maverick and natty) is
> a trivial backport tracking the introduction of the KVM documentation.
> The third (for oneiric) is a simple cherry-pick. In all cases the code
> change applied without reject.
> Proposing for lucid, maverick, natty, and oneiric.
> -apw
Patch against code looks ok. Just minor nitpick that the maverick/natty backport
dropping the documentation change is marked as cherry pick.

kernel-team mailing list

Thread Tools

All times are GMT. The time now is 08:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org