CVE-2011-3131 — XEN vulnerability

CWE-3996 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 83.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedDec 13

Latest updateMay 17

Description

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.1 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.1.2-1 (bookworm)

▶Debianxen/xen< 4.1.2-1+3

▶NVDxen/xen4.1.1

🔴Vulnerability Details

GHSA

GHSA-86mp-q3fq-9h73: Xen 4↗2022-05-17

▶

OSV

CVE-2011-3131: Xen 4↗2012-12-13

▶

📋Vendor Advisories

Red Hat

kernel: xen: IOMMU fault livelock↗2011-08-12

▶

Debian

CVE-2011-3131: xen - Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] dev...↗2011

▶

💬Community

Bugzilla

CVE-2011-3131 kernel: xen: IOMMU fault livelock↗2011-08-12

▶