CVE-2013-0153 - The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passth

CVE-2013-0153

Summary

The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.

References

Vulnerable Configurations

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*

CVSS

Base:	4.7 (as of 29-08-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:L/AC:M/Au:N/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	910903
title	CVE-2013-0153 kernel: xen: interrupt remap entries shared and old ones not cleared on AMD IOMMUs

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

comment kernel earlier than 0:2.6.18-348.6.1.el5 is currently running
oval oval:com.redhat.rhsa:tst:20130847025
comment kernel earlier than 0:2.6.18-348.6.1.el5 is set to boot up on next boot
oval oval:com.redhat.rhsa:tst:20130847026

AND
comment kernel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847001
comment kernel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314002
AND
comment kernel-PAE is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847003
comment kernel-PAE is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314004

AND

comment kernel-PAE-devel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847005
comment kernel-PAE-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314006

AND

comment kernel-debug is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847007
comment kernel-debug is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314008

AND

comment kernel-debug-devel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847009
comment kernel-debug-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314010

AND

comment kernel-devel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847011
comment kernel-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314012

AND
comment kernel-doc is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847013
comment kernel-doc is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314014

AND

comment kernel-headers is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847015
comment kernel-headers is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314016

AND

comment kernel-kdump is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847017
comment kernel-kdump is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314018

AND

comment kernel-kdump-devel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847019
comment kernel-kdump-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314020

AND
comment kernel-xen is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847021
comment kernel-xen is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314022

AND

comment kernel-xen-devel is earlier than 0:2.6.18-348.6.1.el5
oval oval:com.redhat.rhsa:tst:20130847023
comment kernel-xen-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhba:tst:20080314024

rhsa

id	RHSA-2013:0847
released	2013-05-21
severity	Moderate
title	RHSA-2013:0847: kernel security and bug fix update (Moderate)

rpms

kernel-0:2.6.18-348.6.1.el5
kernel-PAE-0:2.6.18-348.6.1.el5
kernel-PAE-debuginfo-0:2.6.18-348.6.1.el5
kernel-PAE-devel-0:2.6.18-348.6.1.el5
kernel-debug-0:2.6.18-348.6.1.el5
kernel-debug-debuginfo-0:2.6.18-348.6.1.el5
kernel-debug-devel-0:2.6.18-348.6.1.el5
kernel-debuginfo-0:2.6.18-348.6.1.el5
kernel-debuginfo-common-0:2.6.18-348.6.1.el5
kernel-devel-0:2.6.18-348.6.1.el5
kernel-doc-0:2.6.18-348.6.1.el5
kernel-headers-0:2.6.18-348.6.1.el5
kernel-kdump-0:2.6.18-348.6.1.el5
kernel-kdump-debuginfo-0:2.6.18-348.6.1.el5
kernel-kdump-devel-0:2.6.18-348.6.1.el5
kernel-xen-0:2.6.18-348.6.1.el5
kernel-xen-debuginfo-0:2.6.18-348.6.1.el5
kernel-xen-devel-0:2.6.18-348.6.1.el5

refmap via4

bid	57745
debian	DSA-2636
gentoo	GLSA-201309-24
mlist	[oss-security] 20130205 Xen Security Advisory 36 (CVE-2013-0153) - interrupt remap entries shared and old ones not cleared on AMD IOMMUs
osvdb	89867
secunia	51881 55082
suse	SUSE-SU-2014:0446 openSUSE-SU-2013:0636 openSUSE-SU-2013:0637 openSUSE-SU-2013:0912
xf	xen-amdiommu-dos(81831)

Last major update

29-08-2017 - 01:32

Published

14-02-2013 - 22:55

Last modified

29-08-2017 - 01:32