CVE-2011-1898 - OpenCVE

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Citrix	Xen

Configuration 1 [-]

OR	cpe:2.3:a:citrix:xen:4.0.0:::::::*
	cpe:2.3:a:citrix:xen:4.0.1:::::::*
	cpe:2.3:a:citrix:xen:4.1.0:::::::*

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf	Exploit
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
http://xen.org/download/index_4.0.2.html	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-08-12T18:00:00

Updated: 2011-08-23T09:00:00

Reserved: 2011-05-04T00:00:00

Link: CVE-2011-1898

JSON object: View

NVD Information

Status : Modified

Published: 2011-08-12T18:55:00.870

Modified: 2011-10-26T02:58:58.513

Link: CVE-2011-1898

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-08-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SU-2011:0942", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xen.org/download/index_4.0.2.html"}, {"name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"}, {"name": "FEDORA-2011-8403", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"}, {"name": "openSUSE-SU-2011:0941", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"}, {"name": "FEDORA-2011-8421", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2011:0942", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"}, {"name": "http://xen.org/download/index_4.0.2.html", "refsource": "CONFIRM", "url": "http://xen.org/download/index_4.0.2.html"}, {"name": "[xen-dev] 20110512 Xen security advisory CVE-2011-1898 - VT-d (PCI passthrough) MSI", "refsource": "MLIST", "url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"}, {"name": "FEDORA-2011-8403", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"}, {"name": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf", "refsource": "MISC", "url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"}, {"name": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html", "refsource": "MISC", "url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"}, {"name": "openSUSE-SU-2011:0941", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"}, {"name": "FEDORA-2011-8421", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1898", "datePublished": "2011-08-12T18:00:00", "dateReserved": "2011-05-04T00:00:00", "dateUpdated": "2011-08-23T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citrix:xen:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FCB3C3E5-3A28-4CC6-806F-8B47CD4C9FC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xen:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "85FC6697-35A5-419F-AFD1-9F327A0613BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:citrix:xen:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "385F592C-CDE0-4AB8-9C1B-7884776055CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by \"using DMA to generate MSI interrupts by writing to the interrupt injection registers.\""}, {"lang": "es", "value": "Xen v4.1 anterior a v4.1.1 y v4.0 anterior a v4.0.2, cuando usa PCI passthrough sobre chipsets Intel VT-d que no tienen que interrumplir remapeado, permite a usuarios invitados del OS obtener privilegios de anfitri\u00f3n \"usando DMA para generar interrupciones MSI escribiendo en el registro de inyecci\u00f3n de interrupci\u00f3\"n."}], "id": "CVE-2011-1898", "lastModified": "2011-10-26T02:58:58.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-08-12T18:55:00.870", "references": [{"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf"}, {"source": "cve@mitre.org", "url": "http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://xen.org/download/index_4.0.2.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}