XSA-46

CVE-2013-1919

问题描述

http://xenbits.xen.org/xsa/advisory-46.html

Several access permission issues with IRQs for unprivileged guests

Various IRQ related access control operations may not have the intended effect, thus potentially permitting a stub domain to grant its client domain access to an IRQ it doesn’t have access to itself.

privilege uncheck (inadequate check in IRQ handling)

Patch描述

http://xenbits.xen.org/xsa/xsa46-4.2.patch

x86: fix various issues with handling guest IRQs

• properly revoke IRQ access in map_domain_pirq() error path
• don’t permit replacing an in use IRQ
• don’t accept inputs in the GSI range for MAP_PIRQ_TYPE_MSI
• track IRQ access permission in host IRQ terms, not guest IRQ ones (and with that, also disallow Dom0 access to IRQ0)

Consequence

Malicious or buggy stub domains kernels can mount a denial of service attack possibly affecting the whole system.

DoS