Non-standard PCI device functionality may render pass-through insecure

Devices with capabilities or defects that are undocumented or that virtualization software is unaware of may allow guests to control parts of the host that they shouldn’t be in control of. Here are some examples of the kind of problem:

Since the details are device specific, special workarounds would need to be developed for any such device for which secure pass-through is desired. Developing such workarounds is a task presenting multiple challenges, particularly since the hardware details are often not officially documented, and is beyond the scope of normal security fixes.

Undocumented specification



Passing through a device providing such mechanisms, which bypass or subvert the software layers that ensure security and correctness, may expose the host to guest-induced information leaks, host crashes, and privilege escalation.

Possible information leak, DoS and privilege escalation