Information

AdvisoryXSA-49
Public release 2013-05-02 12:00
Updated 2023-12-15 15:35
Version 3
CVE(s) CVE-2013-1952
Title VT-d interrupt remapping source validation flaw for bridges

Files

advisory-49.txt (signed advisory file)
xsa49-4.1.patch
xsa49-4.2.patch
xsa49-unstable.patch

Advisory


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

             Xen Security Advisory CVE-2013-1952 / XSA-49
                               version 3

        VT-d interrupt remapping source validation flaw for bridges

UPDATES IN VERSION 3
====================

Normalize version tags

ISSUE DESCRIPTION
=================

Interrupt remapping table entries for MSI interrupts set up by bridge
devices did not get any source validation set up on them, allowing
misbehaving or malicious guests to inject interrupts into the domain
owning the bridges.

In a typical Xen system bridge devices are owned by domain 0, leaving
it vulnerable to such an attack. Such a DoS is likely to have an impact
on other guests running in the system.

IMPACT
======

A malicious domain, given access to a device which bus mastering
capable, can mount a denial of service attack affecting the whole
system.

VULNERABLE SYSTEMS
==================

Xen version 4.0 onwards is vulnerable.

Only systems using Intel VT-d for PCI passthrough are vulnerable.

Any domain which is given access to a PCI device that is bus mastering
capable can take advantage of this vulnerability.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted
guests.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa49-unstable.patch          xen-unstable
xsa49-4.2.patch               Xen 4.2.x
xsa49-4.1.patch               Xen 4.1.x

$ sha256sum xsa49-*.patch
666aec709795163e7c19e99f71ff88cb9a4d66f3f0599ef66446310323fd8d9e  xsa49-4.1.patch
37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f  xsa49-4.2.patch
ba07b4ff0393084282edc24db7f03eb95b0a4bbc8d40d6ede601d0182a0fc852  xsa49-unstable.patch
$
-----BEGIN PGP SIGNATURE-----

iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmV8b+gMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZkKsH/0veTXoO7Nz3lPcacPoxaruodSkpfT1hoegdbuun
/oNLiZLR4pcBpn9HPfnpfODuLmeV0JKKB2Fmd1NfP65wnKS3yWsqNhDsDdgm6QlV
u2VGorqgFvMXItOA2fE5LF/+/3A8OEGsOF+8fYRTNPMSdQry4gqJrZJhtICYkk6L
dv59Vqq2DQAjNw27JheZBosbA5neqazHjMK71wEtIZrz/4LZ+UM1diNBvw1m5USF
pA9TEok3bPBgU8W3pU/UptgF4ywVgolfSU45G8Y7o2c+V+pMnmFDKe1D7Si9b09E
dmsQUGUMTJOsXCll1ep0COaVfk0CKQEdLUyt7SGpNlIojPw=
=ccim
-----END PGP SIGNATURE-----


Xenproject.org Security Team