Denial Of Service (DoS)

2023-11-3020:55:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

xen

denial of service

amd-vi specification

hardware

iommu tlb

device malfunctions

stale dma mappings

unauthorized access

application crash

memory regions

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

xen is vulnerable to Denial Of Service (DoS). The vulnerability exists due to incorrect caching invalidation guidelines in the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) on certain hardware. Updating specific fields of the DTE without flushing the IOMMU TLB can lead to device malfunctions (e.g., stale DMA mappings). These stale mappings may point to memory ranges not owned by the guest, potentially allowing unauthorized access to unintended memory regions and resulting in an application crash.

CPENameOperatorVersion
xen:3.15eq4.15.5-r2
xen:3.15eq4.15.5-r1
xen:3.15eq4.15.4-r3
xen:3.15eq4.15.3-r3
xen:3.15eq4.15.3-r2
xen:3.15eq4.15.1-r2
xen:3.15eq4.15.1-r0
xen:3.15eq4.15.2-r1
xen:3.15eq4.15.3-r0
xen:3.15eq4.15.4-r0

Name	Operator	Version
xen:3.15	eq	4.15.5-r2
xen:3.15	eq	4.15.5-r1
xen:3.15	eq	4.15.4-r3
xen:3.15	eq	4.15.3-r3
xen:3.15	eq	4.15.3-r2
xen:3.15	eq	4.15.1-r2
xen:3.15	eq	4.15.1-r0
xen:3.15	eq	4.15.2-r1
xen:3.15	eq	4.15.3-r0
xen:3.15	eq	4.15.4-r0