CVE-2011-1898

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:S/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
citrixxen
4.0.0
citrixxen
4.0.1
citrixxen
4.1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
hardy
dne
lucid
dne
maverick
dne
natty
dne
xen-3.1
hardy
not-affected
lucid
dne
maverick
dne
natty
dne
xen-3.2
hardy
ignored
lucid
dne
maverick
dne
natty
dne
xen-3.3
hardy
dne
lucid
not-affected
maverick
not-affected
natty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
kernel
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-bootwrapper
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-debug
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-debug-devel
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-devel
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-doc
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-firmware
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-headers
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-kdump
RHEL 6
0:2.6.32-131.12.1.el6
fixed
kernel-kdump-devel
RHEL 6
0:2.6.32-131.12.1.el6
fixed
perf
RHEL 6
0:2.6.32-131.12.1.el6
fixed
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
http://xen.org/download/index_4.0.2.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
http://xen.org/download/index_4.0.2.html