Bugzilla – Bug 826718
VUL-0: CVE-2013-2212: xen: XSA-60: Excessive time to disable caching with HVM guests with PCI passthrough
Last modified: 2016-04-27 19:00:30 UTC
CRD: 2013-07-19 12:00 UTC
Date: Tue, 25 Jun 2013 17:12:46 +0000
From: "Xen.org security team"
Subject: [firstname.lastname@example.org] Xen Security Advisory 60 - Excessive time to disable caching with HVM guests with PCI passthrough
Xen Security Advisory XSA-60
Excessive time to disable caching with HVM guests with PCI passthrough
*** EMBARGOED UNTIL 2013-07-19 12:00 UTC ***
HVM guests are able to manipulate their physical address space such that
processing a subsequent request by that guest to disable caches takes an
extended amount of time changing the cachability of the memory pages assigned
to this guest. This applies only when the guest has been granted access to
some memory mapped I/O region (typically by way of assigning a passthrough
This can cause the CPU which processes the request to become unavailable,
possibly causing the hypervisor or a guest kernel (including the domain 0 one)
to halt itself ("panic").
This vulnerability has not yet been assigned a CVE Candidate number by
MITRE. We will issue an updated version when this is available.
A malicious domain, given access to a device with memory mapped I/O
regions, can cause the host to become unresponsive for a period of
time, potentially leading to a DoS affecting the whole system.
Xen version 3.3 onwards is vulnerable.
Only systems using the Intel variant of Hardware Assisted Paging (aka EPT) are
This issue can be avoided by not assigning PCI devices to untrusted guests, or
by running HVM guests with shadow mode paging (through adding "hap=0" to the
domain configuration file).
There is currently no resolution to this issue.
bugbot adjusting priority