Vigil@nce - Xen: denial of service via VT-d and PCI Bridge
January 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When a PCI device is reachable from a Xen guest system, a local
attacker can inject interrupts, which are transmitted to other
guests and lead to a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 09/01/2013
DESCRIPTION OF THE VULNERABILITY
The VT-d (Virtualization Technology for Directed I/O) technology
allows a guest system to directly access a real device, such as a
PCI or PCIe device.
The set_msi_source_id() function of the xen/drivers/passthrough/vtd/intremap.c
file processes interrupts on devices. However, it does not
correctly remap interrupts for legacy PCI devices.
When a PCI device is reachable from a Xen guest system, a local
attacker can therefore inject interrupts, which are transmitted
to other guests and lead to a denial of service.
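Added example (not part of the bulletin or of Xen's code): an inventory aid that walks a device's PCI configuration space to tell legacy PCI devices, the class named above, from PCIe devices before they are assigned to a guest. It assumes that a device without the PCI Express capability is legacy PCI; the function names and sample images are constructed for illustration, and it does not test for the flaw itself.

```python
import struct

PCI_STATUS, PCI_STATUS_CAP_LIST = 0x06, 0x10  # status register, "capability list present" bit
PCI_CAP_PTR = 0x34                            # offset of the first capability pointer
PCI_CAP_ID_MSI, PCI_CAP_ID_EXP = 0x05, 0x10   # MSI and PCI Express capability IDs

def capability_ids(cfg: bytes) -> list:
    """Walk the capability linked list of a PCI configuration-space image."""
    if len(cfg) < 64:
        raise ValueError("need at least the 64-byte standard header")
    if not struct.unpack_from("<H", cfg, PCI_STATUS)[0] & PCI_STATUS_CAP_LIST:
        return []
    ids, seen = [], set()
    ptr = cfg[PCI_CAP_PTR] & 0xFC
    while ptr and ptr not in seen:            # 'seen' guards against a looping list
        if ptr < 0x40 or ptr + 1 >= len(cfg):
            raise ValueError("capability pointer outside the image")
        seen.add(ptr)
        ids.append(cfg[ptr])
        ptr = cfg[ptr + 1] & 0xFC
    return ids

def classify(cfg: bytes) -> str:
    """Return 'pcie', 'legacy-pci' or 'unknown', with '+msi' when MSI is present."""
    try:
        ids = capability_ids(cfg)
    except ValueError:                        # e.g. unprivileged 64-byte sysfs read
        return "unknown"
    kind = "pcie" if PCI_CAP_ID_EXP in ids else "legacy-pci"
    return kind + ("+msi" if PCI_CAP_ID_MSI in ids else "")

def make_cfg(caps) -> bytes:
    """Constructed sample: 256-byte image holding caps = [(offset, cap_id), ...]."""
    cfg = bytearray(256)
    if caps:
        struct.pack_into("<H", cfg, PCI_STATUS, PCI_STATUS_CAP_LIST)
        cfg[PCI_CAP_PTR] = caps[0][0]
    for i, (off, cap_id) in enumerate(caps):
        cfg[off] = cap_id
        cfg[off + 1] = caps[i + 1][0] if i + 1 < len(caps) else 0
    return bytes(cfg)

if __name__ == "__main__":
    samples = {"constructed legacy device": make_cfg([(0x50, 0x05)]),
               "constructed PCIe device": make_cfg([(0x40, 0x01), (0x50, 0x05), (0x70, 0x10)])}
    for name, cfg in samples.items():
        print(name, "->", classify(cfg))
```

On a Linux dom0 the image can be read from /sys/bus/pci/devices/<BDF>/config; an unprivileged read returns only the first 64 bytes, which classify() reports as "unknown" when the capability list lies beyond it.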
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-VT-d-and-PCI-Bridge-12319