CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/01/26/4	Mailing List Patch Third Party Advisory
http://xenbits.xen.org/xsa/advisory-360.html	Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/
https://security.gentoo.org/glsa/202107-30	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:xen:xen::::::::
	cpe:2.3:o:xen:xen:4.12.3:::::::*
	cpe:2.3:o:xen:xen:4.12.4:::::::*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-26 20:15

Updated : 2023-11-07 03:37

NVD link : CVE-2021-3308

Mitre link : CVE-2021-3308

CVE.ORG link : CVE-2021-3308

JSON object : View

Products Affected

xen

xen

fedoraproject

fedora

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-3308", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-01-26T20:15:12.303", "references": [{"url": "http://www.openwall.com/lists/oss-security/2021/01/26/4", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://xenbits.xen.org/xsa/advisory-360.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S5C42TMQYB6SDVT2MPFEWY65A6RSUVBN/", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202107-30", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones 4.12.3 hasta 4.12.4 y versiones 4.13.1 hasta 4.14.x. Un invitado HVM x86 con PCI pasando a trav\u00e9s de los dispositivos puede forzar la asignaci\u00f3n de todos los vectores IDT en el sistema al reiniciarse con las capacidades MSI o MSI-X habilitadas y la configuraci\u00f3n de entradas. Dichos reinicios filtrar\u00e1n todos los vectores usados por las entradas MSI(-X) que el invitado podr\u00eda haber habilitado y, por lo tanto, conllevar\u00e1n al agotamiento del vector en el sistema, lo que no permitir\u00e1 que otros dispositivos PCI pasen a funcionar correctamente. Los invitados HVM con PCI pasando a trav\u00e9s de los dispositivos pueden montar un ataque de denegaci\u00f3n de servicio (DoS) que afecta el paso de dispositivos PCI para otros invitados o al dominio del hardware. En el \u00faltimo caso, esto afectar\u00eda a todo el host"}], "lastModified": "2023-11-07T03:37:57.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E098391E-2E24-44B7-8F28-7343DF9E58E6", "versionEndIncluding": "4.14.1", "versionStartIncluding": "4.13.1"}, {"criteria": "cpe:2.3:o:xen:xen:4.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "050028D1-C44E-4101-8FBA-9822AF11BCC3"}, {"criteria": "cpe:2.3:o:xen:xen:4.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFFFC008-78C6-4256-8B78-AB9E1D374D93"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}