Vigil@nce - Xen: read-write access via PCI Register
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass access restrictions of PCI Register in Pass
Through mode of Xen, in order to trigger a denial of service, and
possibly to execute code.
Impacted products: XenServer, Debian, Fedora, openSUSE, SUSE Linux
Enterprise Desktop, SLES, Ubuntu, Xen
Severity: 2/4
Creation date: 03/06/2015
DESCRIPTION OF THE VULNERABILITY
The Xen product may be configured to attribute some PCI address
ranges to a guest system.
However, Qemu allows guest systems to read and write in PCI
configuration registers.
An attacker can therefore bypass access restrictions of PCI
Register in Pass Through mode of Xen, in order to trigger a denial
of service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-read-write-access-via-PCI-Register-17055