Description
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
References (8)
Core 8
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
Patch x_refsource_confirm
http://xen.org/download/index_4.0.2.html
Various Sources mailing-list
x_refsource_mlist
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
Exploit x_refsource_misc
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
Various Sources x_refsource_misc
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
Scores
EPSS
0.0062
EPSS Percentile
70.2%
Details
CWE
CWE-264
Status
published
Products (3)
citrix/xen
4.0.0
citrix/xen
4.0.1
citrix/xen
4.1.0
Published
Aug 12, 2011
Tracked Since
Feb 18, 2026