Lucene search

PRIOn knowledge basePRION:CVE-2011-1898

HistoryAug 12, 2011 - 6:55 p.m.

Design/Logic Flaw

2011-08-1218:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.5%

JSON

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by “using DMA to generate MSI interrupts by writing to the interrupt injection registers.”

CPENameOperatorVersion
xeneq4.1.0
xeneq4.0.0
xeneq4.0.1

Name	Operator	Version
xen	eq	4.1.0
xen	eq	4.0.0
xen	eq	4.0.1

References

lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html

lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html

www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf

xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html

xen.org/download/index_4.0.2.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html

lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html

theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html

7.3 High

AI Score

Confidence

Low

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.5%

JSON

Related for PRION:CVE-2011-1898