The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_enterprise_real_time_extension | Suse | 11.0-sp3 (including) | 11.0-sp3 (including) |
Evergreen | Opensuse | 11.4 (including) | 11.4 (including) |
Linux_enterprise_server | Suse | 11-sp2 (including) | 11-sp2 (including) |
Suse_linux_enterprise_server | Suse | 11 (including) | 11 (including) |