7.4 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
kernel is vulnerable to privilege escalation. The vulnerability exists using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details.
lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
xen.org/download/index_4.0.2.html
access.redhat.com/errata/RHSA-2011:1189
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=715555
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1189