Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv2

CVE-2011-1898

Published: 12/08/2011 Updated: 26/10/2011
CVSS v2 Base Score: 7.4 | Impact Score: 10 | Exploitability Score: 4.4
VMScore: 659
Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C
Subscribe to Xen

Vulnerability Summary

Xen 4.1 prior to 4.1.1 and 4.0 prior to 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

citrix xen 4.0.0

citrix xen 4.0.1

citrix xen 4.1.0

Vendor Advisories

Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix multiple security issues, several bugs,and add one enhancement are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic Updated kernel packages that fix several security issues and various bugsare now available for Red Hat Enterprise Linux 56 Extended Update SupportThe Red Hat Security Response Team has rated this update ...
Debian Security Advisories: DSA-2337-1 xen -- several vulnerabilities
Several vulnerabilities were discovered in the Xen virtual machine hypervisor CVE-2011-1166 A 64-bit guest can get one of its vCPUs into non-kernel mode without first providing a valid non-kernel pagetable, thereby locking up the host system CVE-2011-1583, CVE-2011-3262 Local users can cause a denial of service and possibly execute arb ...

References

CWE-264http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.htmlhttp://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdfhttp://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.htmlhttp://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.htmlhttp://xen.org/download/index_4.0.2.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.htmlhttps://access.redhat.com/errata/RHSA-2011:1479https://nvd.nist.govhttps://www.debian.org/security/./dsa-2337
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook