FKIE_CVE-2021-3308

Vulnerability from fkie_nvd - Published: 2021-01-26 20:15 - Updated: 2024-11-21 06:21
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2021/01/26/4Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://xenbits.xen.org/xsa/advisory-360.htmlPatch, Vendor Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/
cve@mitre.orghttps://security.gentoo.org/glsa/202107-30Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/01/26/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-360.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202107-30Third Party Advisory
Impacted products
Vendor Product Version
xen xen *
xen xen 4.12.3
xen xen 4.12.4
fedoraproject fedora 32
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E098391E-2E24-44B7-8F28-7343DF9E58E6",
              "versionEndIncluding": "4.14.1",
              "versionStartIncluding": "4.13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "050028D1-C44E-4101-8FBA-9822AF11BCC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFFFC008-78C6-4256-8B78-AB9E1D374D93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Xen versiones 4.12.3 hasta 4.12.4 y versiones 4.13.1 hasta 4.14.x. Un invitado HVM x86 con PCI pasando a trav\u00e9s de los dispositivos puede forzar la asignaci\u00f3n de todos los vectores IDT en el sistema al reiniciarse con las capacidades MSI o MSI-X habilitadas y la configuraci\u00f3n de entradas. Dichos reinicios filtrar\u00e1n todos los vectores usados por las entradas MSI(-X) que el invitado podr\u00eda haber habilitado y, por lo tanto, conllevar\u00e1n al agotamiento del vector en el sistema, lo que no permitir\u00e1 que otros dispositivos PCI pasen a funcionar correctamente. Los invitados HVM con PCI pasando a trav\u00e9s de los dispositivos pueden montar un ataque de denegaci\u00f3n de servicio (DoS) que afecta el paso de dispositivos PCI para otros invitados o al dominio del hardware. En el \u00faltimo caso, esto afectar\u00eda a todo el host"
    }
  ],
  "id": "CVE-2021-3308",
  "lastModified": "2024-11-21T06:21:15.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-26T20:15:12.303",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/01/26/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-360.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-30"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/01/26/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-360.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-30"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.