CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.3%
An optional feature of PCI MSI called “Multiple Message” allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X, the setting up of these consecutive vectors needs to happen all in one go. In this handling an error path could be taken in different situations, with or without a particular lock held. This error path wrongly releases the lock even when it is not currently held.
Denial of Service (DoS) affecting the entire host, crashes, information leaks, or elevation of privilege all cannot be ruled out.
Xen versions 4.4 and newer are vulnerable. Xen versions 4.3 and older are not vulnerable.
Only x86 guest which have a multi-vector MSI capable device passed through to them can leverage the vulnerability.