            Xen Security Advisory CVE-2013-1952 / XSA-49
                              version 3

     VT-d interrupt remapping source validation flaw for bridges

UPDATES IN VERSION 3
====================

Normalize version tags

ISSUE DESCRIPTION
=================

Interrupt remapping table entries for MSI interrupts set up by bridge
devices did not get any source validation set up on them, allowing
misbehaving or malicious guests to inject interrupts into the domain
owning the bridges.

In a typical Xen system bridge devices are owned by domain 0, leaving
it vulnerable to such an attack. Such a DoS is likely to have an impact
on other guests running in the system.

IMPACT
======

A malicious domain, given access to a device which is bus mastering
capable, can mount a denial of service attack affecting the whole
system.

VULNERABLE SYSTEMS
==================

Xen version 4.0 onwards is vulnerable.

Only systems using Intel VT-d for PCI passthrough are vulnerable.

Any domain which is given access to a PCI device that is bus mastering
capable can take advantage of this vulnerability.

MITIGATION
==========

This issue can be avoided by not assigning PCI devices to untrusted
guests.

RESOLUTION
==========

Applying the appropriate attached patch resolves this issue.

xsa49-unstable.patch        xen-unstable
xsa49-4.2.patch             Xen 4.2.x
xsa49-4.1.patch             Xen 4.1.x

$ sha256sum xsa49-*.patch
666aec709795163e7c19e99f71ff88cb9a4d66f3f0599ef66446310323fd8d9e  xsa49-4.1.patch
37055cbc74111cbc507af3f09d6ac2e472f24efd54cd3e08583dc635e66a539f  xsa49-4.2.patch
ba07b4ff0393084282edc24db7f03eb95b0a4bbc8d40d6ede601d0182a0fc852  xsa49-unstable.patch
$
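
The ISSUE DESCRIPTION turns on whether an interrupt remapping table entry carries source validation. The C model below is an added example, not Xen code and not part of the advisory or its patches: it follows the SVT/SQ/SID field semantics of the Intel VT-d specification in simplified form, and the device addresses in it are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Source-validation fields of a remapping entry (names per the VT-d spec). */
enum svt { SVT_NONE = 0, SVT_VERIFY_SID_SQ = 1, SVT_VERIFY_BUS = 2 };

struct irte_src {
    uint8_t  svt;  /* source validation type */
    uint8_t  sq;   /* source-id qualifier: which function bits are ignored */
    uint16_t sid;  /* expected requester ID, or start/end bus when svt == 2 */
};

/* Requester ID layout: bus[15:8] | device[7:3] | function[2:0]. */
static uint16_t rid(uint8_t bus, uint8_t dev, uint8_t fn)
{
    return (uint16_t)((bus << 8) | ((dev & 0x1f) << 3) | (fn & 0x7));
}

/* Simplified model of the per-entry decision made by the remapping unit. */
bool irte_accepts(const struct irte_src *e, uint16_t req)
{
    static const uint16_t sq_mask[4] = { 0xffff, 0xfffb, 0xfff9, 0xfff8 };

    switch (e->svt) {
    case SVT_NONE:            /* no validation: any requester is accepted */
        return true;
    case SVT_VERIFY_SID_SQ:   /* requester ID must match sid under the mask */
        return ((req ^ e->sid) & sq_mask[e->sq & 3]) == 0;
    case SVT_VERIFY_BUS:      /* requester bus must lie in [start, end] */
        return (req >> 8) >= (e->sid >> 8) && (req >> 8) <= (e->sid & 0xff);
    default:                  /* reserved encoding */
        return false;
    }
}

int main(void)
{
    /* Constructed addresses: passed-through device 05:00.0, bridge 00:1e.0. */
    uint16_t guest_dev = rid(0x05, 0x00, 0);
    uint16_t bridge    = rid(0x00, 0x1e, 0);
    struct irte_src unvalidated = { SVT_NONE, 0, 0 };
    struct irte_src validated   = { SVT_VERIFY_SID_SQ, 0, bridge };

    printf("entry without validation accepts %04x: %d\n", guest_dev, irte_accepts(&unvalidated, guest_dev));
    printf("entry pinned to bridge accepts %04x:   %d\n", guest_dev, irte_accepts(&validated, guest_dev));
    return 0;
}
```

An entry left at SVT_NONE is what "no source validation" means in practice: the requester ID of the device that generated the interrupt message is never compared against the entry's owner.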