thr3ads.net - Xen devel - Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges [May 2013]

If this information is useful, please help other people find it:
Share via:

Xen.org security team

2013-May-02 15:04 UTC

Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

             Xen Security Advisory CVE-2013-1952 / XSA-49
                              version 2

        VT-d interrupt remapping source validation flaw for bridges

UPDATES IN VERSION 2
===================
Public release.

ISSUE DESCRIPTION
================
Interrupt remapping table entries for MSI interrupts set up by bridge
devices did not get any source validation set up on them, allowing
misbehaving or malicious guests to inject interrupts into the domain
owning the bridges.

In a typical Xen system bridge devices are owned by domain 0, leaving
it vulnerable to such an attack. Such a DoS is likely to have an impact
on other guests running in the system.

IMPACT
=====
A malicious domain, given access to a device which bus mastering
capable, can mount a denial of service attack affecting the whole
system.

VULNERABLE SYSTEMS
=================
Xen version 4.0 onwards is vulnerable.

Only systems using Intel VT-d for PCI passthrough are vulnerable.

Any domain which is given access to a PCI device that is bus mastering
capable can take advantage of this vulnerability.

MITIGATION
=========
This issue can be avoided by not assigning PCI devices to untrusted
guests.

RESOLUTION
=========
Applying the appropriate attached patch resolves this issue.

xsa49-unstable.patch          Xen xen-unstable
xsa49-4.2.patch               Xen 4.2.x
xsa49-4.1.patch               Xen 4.1.x

$ sha256sum xsa49-*.patch
666aec709795163e7c19e99f71ff88cb9a4d66f3f0599ef66446310323fd8d9e 
xsa49-4.1.patch
37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f 
xsa49-4.2.patch
ba07b4ff0393084282edc24db7f03eb95b0a4bbc8d40d6ede601d0182a0fc852 
xsa49-unstable.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJRgnfXAAoJEIP+FMlX6CvZoHsH/jNpyc3Y1ga9GPQSxZ+GaXme
z/TzcW1gZsP8TVlsoXJbGSVMbDLNLkTA7LpPkep/tSNOfQ3Umg/70sLtvXmpm2PR
zvpLgjpKut5ziqLLhFX1kTRZIrg9X8p9k9DHiq3JKK7WUZ1S21i8zQH8w6k9R2Q5
JO6WTP5VidDVByn23HcIwUI1/z4mbPIe5MI2/I81dbw3BnMLHeX8RGlIHz1Cj729
W7UqRDkivdH0CjF4D/hBskcI+3bZOS2I+JrQf78YP5kq2zr1tSJ6wH9VhxgI0ku1
LgmmEPfqoeCXK8/s0QcLFj+nAMx6OZWeTPJ31RT41106ZWku+gazddFsZJ+PeuY=no/g
-----END PGP SIGNATURE-----




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Xen devel - May 2013 - Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges

Xen Security Advisory 49 (CVE-2013-1952) - VT-d interrupt remapping source validation flaw for bridges