Lucene search

K

[email protected]NVD:CVE-2011-1898

HistoryAug 12, 2011 - 6:55 p.m.

CVE-2011-1898

2011-08-1218:55:00

CWE-264

[email protected]

web.nvd.nist.gov

1

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by “using DMA to generate MSI interrupts by writing to the interrupt injection registers.”

Affected configurations

NVD

Node

citrixxenMatch4.0.0

OR

citrixxenMatch4.0.1

OR

citrixxenMatch4.1.0

References

lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html

lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html

lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html

theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html

www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf

xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html

xen.org/download/index_4.0.2.html

7.4 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

Related for NVD:CVE-2011-1898

suse3 debiancve1 nessus16 veracode1 altlinux1 cvelist1 cve1 ubuntucve1 prion1 openvas24 fedora5 debian1 osv1 securityvulns1 redhat3 centos1 oraclelinux4