CVE-2011-1898 — Improper Access Control in XEN

CWE-264 CWE-284 — Improper Access Control7 documents6 sources

Severity

7.4HIGHNVD

EPSS

0.6%

top 30.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Citrix XEN

Timeline

PublishedAug 12

Latest updateMay 17

Description

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

CVSS vector

AV:A/AC:M/C:C/I:C/A:CExploitability: 4.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.1-1 (bookworm)

▶Debianxen/xen< 4.1.1-1+3

▶NVDcitrix/xen4.0.0, 4.0.1, 4.1.0+2

Patches

Patch: xen.org ↗Patch: xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-567h-gr95-57mc: Xen 4↗2022-05-17

▶

OSV

CVE-2011-1898: Xen 4↗2011-08-12

▶

📋Vendor Advisories

Red Hat

virt: VT-d (PCI passthrough) MSI trap injection↗2011-04-13

▶

Debian

CVE-2011-1898: xen - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel V...↗2011

▶

💬Community

Bugzilla

CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection [fedora-all]↗2011-10-25

▶

Bugzilla

CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection↗2011-06-23

▶