Vigil@nce - Xen: denial of service via PCI interrupts
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can change the PCI interrupt mask in Xen, in order to
trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux
Enterprise Desktop, SLES, Ubuntu, Xen
Severity: 2/4
Creation date: 03/06/2015
DESCRIPTION OF THE VULNERABILITY
Xen may be configured to assign some PCI address ranges to a
guest system.
Xen may mask interrupts from PCI devices when, for instance, they
cannot be handled. This is an internal feature, and guest systems
should not be able to change the interrupt mask. However, writes
to these masks are not blocked, so Xen may receive an unmanageable
interrupt, which leads to failure of the host server.
An attacker who has administrator privileges in a guest system
can therefore change the PCI interrupt mask in Xen, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-interruptions-PCI-17052