XSA-124

CVE none (yet) assigned


问题描述

http://xenbits.xen.org/xsa/advisory-124.html

non-standard PCI device functionality may render pass-through insecure

Devices with capabilities or defects that are undocumented or that virtualization software is unaware of may allow guests to control parts of the host that they shouldn’t be in control of. Here are some examples of the kind of problem:

Since the details are device specific, special workarounds would need to be developed for any such device for which secure pass-through is desired. Developing such workarounds is a task presenting multiple challenges, particularly since the hardware details are often not officially documented, and is beyond the scope of normal security fixes.

undocument specification


Patch描述


Consequence

Passing through a device providing such mechanisms, which bypass or subvert the software layers that ensure security and correctness, may expose the host to guest induced information leaks, host crashes, and privilege escalation.

Possible information leak, DoS and privilege escalation