#VU44803 Permissions, Privileges, and Access Controls in Xen - CVE-2011-1898
Vulnerability identifier: #VU44803
Vulnerability risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
Xen
Server applications /
Virtualization software
Vendor: Xen Project
Description
The vulnerability allows a remote #AU# to execute arbitrary code.
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
Mitigation
Install update from vendor's website.
Vulnerable software versions
Xen: 4.0.0 - 4.1.0
External links
https://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
https://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
https://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
https://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
https://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
https://xen.org/download/index_4.0.2.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
