Orange Business Services
Vigil@nce
analyzing computer vulnerabilities since 1999

vulnerability note CVE-2013-1952

Xen: denial of service via VT-d MSI

Synthesis of the vulnerability

An attacker located in a guest system can remap the interrupts of a device in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform).
Severity: 2/4.
Creation date: 02/05/2013.
Identifiers: BID-59617, CERTA-2013-AVI-290, CTX137657, CVE-2013-1952, DSA-2666-1, FEDORA-2013-7426, FEDORA-2013-7432, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2013:1075-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12749, XSA-49.

Description of the vulnerability

A system with an Intel VT-d capable processor can use the PCI passthrough feature to make a device supporting bus mastering accessible to guest systems.

However, in this configuration, the origin of interrupt remapping requests is not checked.

An attacker located in a guest system can therefore remap the interrupts of a device in order to trigger a denial of service.
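
To illustrate what checking the origin of an interrupt remapping request means, the following is an added example, not code from this bulletin or from Xen. It is a simplified software model of the source-validation fields (SVT, SQ, SID) that the Intel VT-d specification defines for an interrupt remapping table entry; the struct, enum and function names are hypothetical, and the sample bus/device/function values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of VT-d interrupt remapping source validation.
 * Names are hypothetical; field meanings follow the Intel VT-d spec. */
enum svt { SVT_NONE = 0, SVT_VERIFY_SID = 1, SVT_VERIFY_BUS_RANGE = 2 };

struct irte_model {
    bool     present;
    uint8_t  svt;  /* source validation type */
    uint8_t  sq;   /* source-id qualifier: function bits to ignore */
    uint16_t sid;  /* expected requester ID (bus:8, device:5, function:3) */
};

uint16_t make_rid(uint8_t bus, uint8_t dev, uint8_t fn)
{
    return (uint16_t)((bus << 8) | ((dev & 0x1f) << 3) | (fn & 0x7));
}

/* True when an interrupt request from requester `rid` passes entry `e`. */
bool irte_accepts(const struct irte_model *e, uint16_t rid)
{
    static const uint16_t sq_mask[4] = { 0xffff, 0xfffb, 0xfff9, 0xfff8 };
    if (!e->present)
        return false;
    switch (e->svt) {
    case SVT_NONE:             /* no origin check: any requester passes */
        return true;
    case SVT_VERIFY_SID:       /* requester must equal SID under the SQ mask */
        return ((rid ^ e->sid) & sq_mask[e->sq & 3]) == 0;
    case SVT_VERIFY_BUS_RANGE: /* bus within [SID high byte, SID low byte] */
        return (rid >> 8) >= (e->sid >> 8) && (rid >> 8) <= (e->sid & 0xff);
    default:                   /* reserved encoding: reject */
        return false;
    }
}

int main(void)
{
    uint16_t owner = make_rid(0x03, 0, 0), other = make_rid(0x04, 0, 0);
    struct irte_model unchecked = { true, SVT_NONE, 0, 0 };
    struct irte_model checked   = { true, SVT_VERIFY_SID, 0, owner };
    printf("unchecked/other=%d checked/other=%d checked/owner=%d\n",
           irte_accepts(&unchecked, other), irte_accepts(&checked, other),
           irte_accepts(&checked, owner));
    return 0;
}
```

An entry with no source validation accepts a request from any requester ID, while an entry bound to its owning device's ID rejects requests from other devices.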

Copyright 1999-2014 Vigil@nce. Vigil@nce is a service from Orange Business Services.