CVE-2011-3131

Severity CVSS v4.0:

Pending analysis

Type:

CWE-399 Resource Management Errors

Publication date:

13/12/2012

Last modified:

13/12/2012

Description

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.

Impact

Vector 2.0

AV:L/AC:L/Au:S/C:N/I:N/A:C CVSS v2.0 Severity and Metrics:

Base Score: 4.60 MEDIUM
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete

Base Score 2.0

4.60

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:xen:xen::::::::		4.1.1 (including)

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html
http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html
http://secunia.com/advisories/45622
http://secunia.com/advisories/51468
http://www.debian.org/security/2012/dsa-2582
http://www.securityfocus.com/bid/49146
http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a