Xen Project XSA-450
Jan 30, 2024 - 12:00 p.m.

VT-d: Failure to quarantine devices in !HVM builds

2024-01-30 12:00:00
Xen Project
xenbits.xen.org

Tags: xen, preprocessor directive, device quarantine, hvm builds, logic failure, vulnerable systems, vt-d iommu

AI Score: 7.3 High (confidence: Low)
EPSS: 0.0004 Low (percentile: 9.0%)

ISSUE DESCRIPTION

Incorrect placement of a preprocessor directive in source code results in logic that doesn’t operate as intended when support for HVM guests is compiled out of Xen.

IMPACT

When a device is removed from a domain, it is not properly quarantined and retains its access to the domain to which it was previously assigned.

VULNERABLE SYSTEMS

Xen 4.17 and onwards are vulnerable. Xen 4.16 and older are not vulnerable.
Only Xen running on x86 platforms with an Intel-compatible VT-d IOMMU is vulnerable. Platforms from other manufacturers, or platforms without a VT-d IOMMU are not vulnerable.
Only systems where PCI devices are passed through to untrusted or semi-trusted guests are vulnerable. Systems which do not assign PCI devices to untrusted guests are not vulnerable.
Xen is only vulnerable when CONFIG_HVM is disabled at build time. Most deployments of Xen are expected to have CONFIG_HVM enabled at build time, and would therefore not be vulnerable.
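The conditions above can be partly settled from the output of `xl info` on the host. The following triage helper is an added example, not part of the advisory and not Xen Project code. It relies on two fields `xl info` really prints, `xen_version` and `xen_caps` (the latter only carries `hvm-...` entries when HVM support is compiled in and usable); the verdict strings and the sample input are constructed here. Because a CPU without virtualisation extensions also drops the `hvm-` entries, their absence is necessary but not sufficient evidence that CONFIG_HVM is off, so the script reports "check" rather than "vulnerable" in that case, and the IOMMU vendor and passthrough conditions still need manual confirmation.

```shell
#!/bin/sh
# Added triage helper (not Xen Project code). It reads `xl info` output and
# decides which XSA-450 conditions can be settled from it:
#   - xen_version : the Xen version string (4.17 and newer are in range)
#   - xen_caps    : the capability list; "hvm-..." entries only appear when
#                   HVM support is compiled in and usable on this CPU
# The sample input at the bottom is constructed, not captured from a host.

# Returns 0 if "$1" names Xen 4.17 or newer, 1 otherwise.
xen_version_in_range() {
    ver="$1"                                   # e.g. 4.17.3 or 4.18-unstable
    major=$(printf '%s' "$ver" | cut -d. -f1 | sed 's/[^0-9].*//')
    minor=$(printf '%s' "$ver" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    major=${major:-0}; minor=${minor:-0}
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 17 ] && return 0
    return 1
}

# Reads `xl info` text on stdin and prints a single verdict line.
xsa450_triage() {
    info=$(cat)
    ver=$(printf '%s\n' "$info" | sed -n 's/^xen_version *: *//p')
    caps=$(printf '%s\n' "$info" | sed -n 's/^xen_caps *: *//p')
    if [ -z "$ver" ]; then
        echo "unknown: no xen_version field in input"; return 0
    fi
    if ! xen_version_in_range "$ver"; then
        echo "not-vulnerable: Xen $ver is older than 4.17"; return 0
    fi
    case " $caps " in
        *" hvm-"*)
            echo "not-vulnerable: hvm caps present, so CONFIG_HVM is compiled in"
            return 0 ;;
    esac
    # No hvm caps: either CONFIG_HVM is off (the XSA-450 case) or the CPU
    # lacks virtualisation extensions. The remaining conditions (Intel VT-d
    # IOMMU, PCI passthrough to untrusted guests) need a manual check.
    echo "check: no hvm caps on Xen $ver; confirm CONFIG_HVM, VT-d IOMMU and PCI passthrough"
}

# Demo with constructed input (a host that has HVM compiled in).
# On a live host: xl info | xsa450_triage
printf 'xen_version            : 4.17.3\nxen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64\n' | xsa450_triage
```

The version parser tolerates suffixes such as `4.18-unstable` by stripping everything after the leading digits of the minor component; anything it cannot parse is treated as version 0, which lands in the "older than 4.17" branch rather than raising a false alarm.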

CPE name   Operator   Version
xen        ge         4.17
