Vigil@nce - Xen: denial of service via PCI Command Register
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest system can change the PCI Command Register
on Xen, in order to trigger a denial of service on the host system.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 10/03/2015
DESCRIPTION OF THE VULNERABILITY
The Xen product supports devices in mode Pass Through.
However, a guest system can change all bits of the PCI Command
Register, such as those disabling the memory decoding.
An attacker in a guest system can therefore change the PCI Command
Register on Xen, in order to trigger a denial of service on the
host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-PCI-Command-Register-16356