CVSS2: 6.8 Medium
Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C
Access Vector: ADJACENT_NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.003 Low
EPSS Percentile: 65.2%
An internal flag is used to temporarily suppress IOMMU TLB flushes, in order to consolidate multiple single page flushes into one wider flush. On certain error paths this flag is not cleared again. This can result in TLB flushes not happening when they are needed. Retaining stale TLB entries could allow guests access to memory that ought to have been revoked, or grant greater access than intended.
Malicious guest administrators might be able to cause host-wide denial of service, or escalate their privilege to that of the host.
Only VMs which have been assigned PCI devices can exploit the bug.
Only systems using Intel VT-d are vulnerable, since the bug is in the VT-d specific code in Xen.
Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not vulnerable.
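The flag handling described above, as an added C model that is not Xen's code and does not come from the advisory: the names `iommu_model`, `suppress_flush`, `set_page` and `map_range` are hypothetical, and the TLB is simplified to one cached bit per page. It runs a batch update that leaves the flag set when it returns early on error, next to the same path with the flag cleared and the deferred flush issued.

```c
/* Simplified model, constructed for illustration; not Xen code. */
#include <stdbool.h>
#include <stdio.h>

#define NPAGES 8

struct iommu_model {
    bool mapped[NPAGES];   /* page table: page is mapped for the device */
    bool tlb[NPAGES];      /* translation the device can still use */
    bool suppress_flush;   /* hypothetical stand-in for the internal flag */
};

/* A flush is modelled as resyncing the cached bit with the page table. */
static void flush_page(struct iommu_model *m, int pg) {
    if (m->suppress_flush) return;   /* deferred to the batch caller */
    m->tlb[pg] = m->mapped[pg];
}
static int set_page(struct iommu_model *m, int pg, bool on) {
    if (pg < 0 || pg >= NPAGES) return -1;   /* error path */
    m->mapped[pg] = on;
    flush_page(m, pg);
    return 0;
}

/* Batch map with one wide flush; clear_on_error=false models the bug. */
static int map_range(struct iommu_model *m, int first, int n, bool clear_on_error) {
    int rc = 0;
    m->suppress_flush = true;
    for (int i = 0; i < n && rc == 0; i++) {
        rc = set_page(m, first + i, true);
        if (rc && !clear_on_error) return rc;   /* flag stays set */
    }
    m->suppress_flush = false;   /* skipped by the early return above */
    for (int i = 0; i < NPAGES; i++) m->tlb[i] = m->mapped[i];  /* wide flush */
    return rc;
}

/* True if the device can still reach page 0 after it was revoked. */
static bool stale_after_revoke(bool clear_on_error) {
    struct iommu_model m = {0};
    map_range(&m, 0, 2, clear_on_error);            /* succeeds */
    map_range(&m, NPAGES - 1, 2, clear_on_error);   /* second page fails */
    set_page(&m, 0, false);                         /* revoke page 0 */
    return m.tlb[0];
}

int main(void) {
    printf("buggy stale=%d, fixed stale=%d\n",
           stale_after_revoke(false), stale_after_revoke(true));
    return 0;
}
```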