Xen Project XSA-33

VT-d interrupt remapping source validation flaw

2013-01-08 12:00:00
Xen Project
xenbits.xen.org

CVSS2: 6.1 Medium (AV:A/AC:L/Au:N/C:N/I:N/A:C)

Access Vector: ADJACENT_NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.002 Low (Percentile: 61.9%)

ISSUE DESCRIPTION

When passing a device which is behind a legacy PCI bridge through to a guest, Xen incorrectly configures the VT-d hardware. This could allow incorrect interrupts to be injected into other guests which also have passthrough devices.
In a typical Xen system many devices are owned by domain 0 or driver domains, leaving them vulnerable to such an attack. Such a DoS is likely to have an impact on other guests running in the system.

IMPACT

A malicious domain, given access to a device which is behind a legacy PCI bridge, can mount a denial of service attack affecting the whole system.

VULNERABLE SYSTEMS

Xen version 4.0 onwards is vulnerable.
Only systems using Intel VT-d for PCI passthrough are vulnerable.
Any domain which is given access to a PCI device that is behind a legacy PCI bridge can take advantage of this vulnerability.
Domains which are given access to PCIe devices only are not able to take advantage of this vulnerability.
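
To triage which passthrough candidates meet the "behind a legacy PCI bridge" condition above, the following added example (not part of the Xen advisory) walks each device's upstream bridges and inspects their PCI Express capability. It assumes that "legacy PCI bridge" means a bridge with no PCIe capability or one reporting the PCIe-to-PCI/PCI-X bridge port type; the function names and the sample topology are constructed for illustration.

```python
import os

PCI_CAP_ID_EXP = 0x10      # capability ID of the PCI Express capability
PCIE_TO_PCI_BRIDGE = 0x7   # PCIe device/port type: PCIe-to-PCI/PCI-X bridge

def pcie_port_type(cfg):
    """PCIe device/port type from config space; None if conventional PCI."""
    if len(cfg) < 0x40 or not cfg[0x06] & 0x10:    # status bit 4: cap list
        return None
    ptr, seen = cfg[0x34] & 0xFC, set()
    while ptr >= 0x40 and ptr + 3 < len(cfg) and ptr not in seen:
        seen.add(ptr)
        if cfg[ptr] == PCI_CAP_ID_EXP:
            return (cfg[ptr + 2] >> 4) & 0xF       # capabilities reg bits 7:4
        ptr = cfg[ptr + 1] & 0xFC
    return None

def legacy_bridge_above(bdf, topo):
    """topo: BDF -> (parent BDF or None, config bytes). First legacy bridge."""
    parent = topo[bdf][0]
    while parent is not None:
        ptype = pcie_port_type(topo[parent][1])
        if ptype is None or ptype == PCIE_TO_PCI_BRIDGE:
            return parent
        parent = topo[parent][0]
    return None

def load_sysfs(root="/sys/bus/pci/devices"):
    """Build topo from Linux sysfs; run as root so capabilities are readable."""
    topo = {}
    for bdf in os.listdir(root):
        up = os.path.basename(os.path.dirname(os.path.realpath(os.path.join(root, bdf))))
        with open(os.path.join(root, bdf, "config"), "rb") as f:
            topo[bdf] = (up if up.count(":") == 2 else None, f.read())
    return topo

def make_cfg(port_type=None):
    """Constructed 256-byte config space, optionally with a PCIe capability."""
    c = bytearray(256)
    if port_type is not None:
        c[0x06], c[0x34], c[0x40], c[0x42] = 0x10, 0x40, PCI_CAP_ID_EXP, (port_type << 4) | 2
    return bytes(c)

SAMPLE = {  # constructed topology, not taken from the advisory
    "0000:00:1c.0": (None, make_cfg(0x4)),            # PCIe root port
    "0000:02:00.0": ("0000:00:1c.0", make_cfg(0x0)),  # PCIe endpoint
    "0000:00:1e.0": (None, make_cfg()),               # conventional PCI bridge
    "0000:05:01.0": ("0000:00:1e.0", make_cfg()),     # PCI device behind it
}
```

In dom0, call `legacy_bridge_above(bdf, load_sysfs())` for each device assigned for passthrough; a non-None result names the upstream bridge that puts the device in the affected category.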
