Vulnerability Description
Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | <= 4.1.1 |
Related Weaknesses (CWE)
References
- http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html
- http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html
- http://secunia.com/advisories/45622 (Vendor Advisory)
- http://secunia.com/advisories/51468 (Vendor Advisory)
- http://www.debian.org/security/2012/dsa-2582
- http://www.securityfocus.com/bid/49146
- http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a (Exploit)
FAQ
What is CVE-2011-3131?
CVE-2011-3131 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IO...
How severe is CVE-2011-3131?
CVE-2011-3131 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3131?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.