Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1898

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

Published

2011-08-12T18:55:00.870

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.4 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:S/C:C/I:C/A:C

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

4.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	citrix	xen	4.0.0	Yes
Application	citrix	xen	4.0.1	Yes
Application	citrix	xen	4.1.0	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html ([email protected])
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html ([email protected])
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf Exploit ([email protected])
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html ([email protected])
http://xen.org/download/index_4.0.2.html Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html (af854a3a-2127-422b-91ae-364da2661108)
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html (af854a3a-2127-422b-91ae-364da2661108)
http://xen.org/download/index_4.0.2.html Patch (af854a3a-2127-422b-91ae-364da2661108)