Vigil@nce: Xen, denial of service via PCI/PCIe
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker, who is administrator in a Xen guest system, can use
PCI or PCIe, in order to stop the host system.
– Severity: 1/4
– Creation date: 23/09/2011
IMPACTED PRODUCTS
– Fedora
– SUSE Linux Enterprise Desktop
– SUSE Linux Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
Xen virtualizes devices using the PCI or PCIe (Peripheral
Component Interconnect Express) interface. An administrator in a
guest system can access it.
The administrator can send DMA (Direct Memory Address) queries
with an invalid memory address to the PCI interface. The IOMMU
(Input/Output Memory Management Unit) rejects these queries.
However, they consume a lot of resources, and can lock the host
system.
An attacker, who is administrator in a Xen guest system, can
therefore use PCI or PCIe, in order to stop the host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-PCI-PCIe-11009