Vigil@nce - Xen: denial of service via PCI Command Register
April 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, located in an x86 HVM guest with a PCI device in
PassThrough, can alter the PCI Command Register of Xen, in order
to trigger a denial of service.
– Impacted products: Fedora, Unix (platform)
– Severity: 1/4
– Creation date: 31/03/2015
DESCRIPTION OF THE VULNERABILITY
The x86 PCI Command Register contains the Memory-decode and
I/O-decode bits.
However, if these bits are disabled for a PCI Express device, an
MMIO or input/output port access triggers an Unsupported Request
response, which generates a fatal error.
An attacker, located in an x86 HVM guest with a PCI device in
PassThrough, can therefore alter the PCI Command Register of Xen,
in order to trigger a denial of service.
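As an added illustration (not part of the Vigil@nce bulletin and not Xen code), the Python below parses a PCI configuration-space dump and reports which of the Memory-decode and I/O-decode bits of the Command Register are cleared on a PCI Express device. The register offsets and bit positions are those of the standard PCI header; the function names and the sample bytes are constructed for this example.

```python
import struct

PCI_COMMAND, PCI_STATUS, PCI_CAP_PTR = 0x04, 0x06, 0x34  # standard header offsets
CMD_IO_DECODE, CMD_MEM_DECODE = 0x0001, 0x0002           # Command Register bits 0 and 1
STATUS_CAP_LIST = 0x0010                                 # Status bit 4: capability list present
CAP_ID_PCIE = 0x10                                       # PCI Express capability ID


def is_pcie(cfg: bytes) -> bool:
    """Walk the capability list and look for the PCI Express capability."""
    if not struct.unpack_from("<H", cfg, PCI_STATUS)[0] & STATUS_CAP_LIST:
        return False
    ptr, seen = cfg[PCI_CAP_PTR] & 0xFC, set()
    while ptr >= 0x40 and ptr + 1 < len(cfg) and ptr not in seen:
        seen.add(ptr)                      # guard against a looping list
        if cfg[ptr] == CAP_ID_PCIE:
            return True
        ptr = cfg[ptr + 1] & 0xFC          # next-capability pointer
    return False


def disabled_decoders(cfg: bytes) -> list:
    """Return the decoders switched off on a PCIe device ([] for non-PCIe)."""
    if len(cfg) < 64:
        raise ValueError("need at least the 64-byte standard header")
    command = struct.unpack_from("<H", cfg, PCI_COMMAND)[0]
    if not is_pcie(cfg):
        return []
    off = []
    if not command & CMD_IO_DECODE:
        off.append("I/O")
    if not command & CMD_MEM_DECODE:
        off.append("memory")
    return off


def sample_config(command: int, pcie: bool = True) -> bytes:
    """Constructed 256-byte config space; IDs 0x1234/0x5678 are made up."""
    cfg = bytearray(256)
    struct.pack_into("<HHHH", cfg, 0, 0x1234, 0x5678, command, STATUS_CAP_LIST)
    cfg[PCI_CAP_PTR] = 0x40
    cfg[0x40:0x42] = bytes([0x01, 0x50])   # power-management capability, next at 0x50
    cfg[0x50:0x52] = bytes([CAP_ID_PCIE if pcie else 0x05, 0x00])  # 0x05 = MSI
    return bytes(cfg)


if __name__ == "__main__":
    for cmd in (0x0007, 0x0006, 0x0000):
        print(f"command={cmd:#06x} disabled={disabled_decoders(sample_config(cmd))}")
```

On a Linux dom0 the same bytes can be read from /sys/bus/pci/devices/<BDF>/config; root is needed to read past the first 64 bytes, which the capability walk requires.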
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-PCI-Command-Register-16503