CVE-2011-1898
published 2011-08-12
Priority: P4 31, high, 7.4 (CVSS 2.0)
AV:A/AC:M/Au:S/C:C/I:C/A:C
EPSS: 0.85% (53.6th percentile)
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | xen | — | — |
| citrix | xen | — | — |
| citrix | xen | — | — |
| debian | xen | < xen 4.1.1-1 (bookworm) | xen 4.1.1-1 (bookworm) |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
| xen | xen | >= 0 < 4.1.1-1 | 4.1.1-1 |
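CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.4 | HIGH | AV:A/AC:M/Au:S/C:C/I:C/A:C |
| osv | — | 7.4 | HIGH | — |
| vendor_debian | — | 7.4 | HIGH | — |
| vendor_redhat | — | 7.4 | HIGH | — |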
GHSA
GHSA-567h-gr95-57mc: Xen 4
ghsa_unreviewed·2022-05-17
CVE-2011-1898 [HIGH] GHSA-567h-gr95-57mc: Xen 4
OSV
CVE-2011-1898: Xen 4
osv·2011-08-12·CVSS 7.4
CVE-2011-1898 [HIGH] CVE-2011-1898: Xen 4
Red Hat
virt: VT-d (PCI passthrough) MSI trap injection
vendor_redhat·2011-04-13·CVSS 7.4
CVE-2011-1898 [HIGH] CWE-284 virt: VT-d (PCI passthrough) MSI trap injection
Statement: This issue did affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5.
This issue did affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5. Red Hat cannot backport the fix though as it is too invasive and has a high risk of introducing severe regressions at this point in the Red Hat Enterprise Linux 5 life-cycle. As such, Red Hat recommends that users of KVM on Red Hat Enterprise Linux 5 only use PCI passthrough w
Debian
CVE-2011-1898: xen - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel V...
vendor_debian·2011·CVSS 7.4
CVE-2011-1898 [HIGH] CVE-2011-1898: xen - Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel V...
Scope: local
bookworm: resolved (fixed in 4.1.1-1)
bullseye: resolved (fixed in 4.1.1-1)
forky: resolved (fixed in 4.1.1-1)
sid: resolved (fixed in 4.1.1-1)
trixie: resolved (fixed in 4.1.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection [fedora-all]
bugzilla·2011-10-25·CVSS 7.4
CVE-2011-1898 [HIGH] CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=715555
Please note: this issue affects multiple
Bugzilla
CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
bugzilla·2011-06-23·CVSS 7.4
CVE-2011-1898 [HIGH] CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
Problem description:
Intel VT-d chipsets without interrupt remapping do not prevent a guest which owns a PCI device from using DMA to generate MSI interrupts by writing to the interrupt injection registers. This can be exploited to inject traps and gain control of the host.
References:
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00687.html
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
Discussion:
Issue
The fix for CVE-2011-1898 introduced a regression in the way PCI passthrough works. Depending on how virtualization guests are configured to use PCI passthrough devices, t
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
http://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
http://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
http://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
http://xen.org/download/index_4.0.2.html
2011-08-12
Published