Vulnerabilities > CVE-2011-3131 - Resource Management Errors vulnerability in XEN

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
xen
CWE-399
nessus

Summary

Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2011-0008.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Passthrough: disable bus-mastering on any card that causes an IOMMU fault (Tim Deegan) (CVE-2011-3131) - Serialize iptables calls in hotplug scripts (rhbz 460410) - Fix iptables service check bug (orabug 11727087)
    last seen2020-06-01
    modified2020-06-02
    plugin id79474
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79474
    titleOracleVM 2.2 : xen (OVMSA-2011-0008)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2011-0008.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79474);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:06");
    
      script_cve_id("CVE-2011-3131");
      script_bugtraq_id(49146);
    
      script_name(english:"OracleVM 2.2 : xen (OVMSA-2011-0008)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Passthrough: disable bus-mastering on any card that
        causes an IOMMU fault (Tim Deegan) (CVE-2011-3131)
    
      - Serialize iptables calls in hotplug scripts (rhbz
        460410)
    
      - Fix iptables service check bug (orabug 11727087)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2011-August/000062.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1a285e99"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-debugger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-pvhvm-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:xen-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"xen-3.4.0-0.1.34.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"xen-64-3.4.0-0.1.34.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"xen-debugger-3.4.0-0.1.34.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"xen-devel-3.4.0-0.1.34.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"xen-pvhvm-devel-3.4.0-0.1.34.el5")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"xen-tools-3.4.0-0.1.34.el5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xen / xen-64 / xen-debugger / xen-devel / xen-pvhvm-devel / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10834.NASL
    descriptionuntrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55961
    published2011-08-24
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55961
    titleFedora 16 : xen-4.1.1-3.fc16 (2011-10834)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1408.NASL
    descriptionAn updated rhev-hypervisor package that fixes several security issues is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. The RHBA-2011:1254 update introduced a regression in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79280
    published2014-11-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79280
    titleRHEL 5 : rhev-hypervisor (RHSA-2011:1408)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1386.NASL
    descriptionFrom Red Hat Security Advisory 2011:1386 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id68375
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68375
    titleOracle Linux 5 : kernel (ELSA-2011-1386)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XEN-7699.NASL
    descriptionThis update fixes a denial of service (Host Crash) in the XEN hypervisor. (CVE-2011-2901)
    last seen2020-06-01
    modified2020-06-02
    plugin id57267
    published2011-12-13
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57267
    titleSuSE 10 Security Update : Xen (ZYPP Patch Number 7699)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111020_KERNEL_ON_SL5_X.NASL
    descriptionThe kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id61162
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61162
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2582.NASL
    descriptionMultiple denial of service vulnerabilities have been discovered in the Xen Hypervisor. One of the issue (CVE-2012-5513 ) could even lead to privilege escalation from guest to host. Some of the recently published Xen Security Advisories ( XSA 25and 28) are not fixed by this update and should be fixed in a future release. - CVE-2011-3131 ( XSA 5): DoS using I/OMMU faults from PCI-passthrough guest A VM that controls a PCI[E] device directly can cause it to issue DMA requests to invalid addresses. Although these requests are denied by the I/OMMU, the hypervisor needs to handle the interrupt and clear the error from the I/OMMU, and this can be used to live-lock a CPU and potentially hang the host. - CVE-2012-4535 ( XSA 20): Timer overflow DoS vulnerability A guest which sets a VCPU with an inappropriate deadline can cause an infinite loop in Xen, blocking the affected physical CPU indefinitely. - CVE-2012-4537 ( XSA 22): Memory mapping failure DoS vulnerability When set_p2m_entry fails, Xen
    last seen2020-03-17
    modified2012-12-09
    plugin id63188
    published2012-12-09
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63188
    titleDebian DSA-2582-1 : xen - several vulnerabilities
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1386.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id56569
    published2011-10-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56569
    titleCentOS 5 : kernel (CESA-2011:1386)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-10942.NASL
    descriptionuntrusted guest controlling PCI[E] device can lock up host CPU [CVE-2011-3131] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56010
    published2011-08-31
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56010
    titleFedora 15 : xen-4.1.1-3.fc15 (2011-10942)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1386.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : * The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system
    last seen2020-06-01
    modified2020-06-02
    plugin id56577
    published2011-10-21
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56577
    titleRHEL 5 : kernel (RHSA-2011:1386)

Redhat

rpms
  • kernel-0:2.6.18-274.7.1.el5
  • kernel-PAE-0:2.6.18-274.7.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-PAE-devel-0:2.6.18-274.7.1.el5
  • kernel-debug-0:2.6.18-274.7.1.el5
  • kernel-debug-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-debug-devel-0:2.6.18-274.7.1.el5
  • kernel-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-debuginfo-common-0:2.6.18-274.7.1.el5
  • kernel-devel-0:2.6.18-274.7.1.el5
  • kernel-doc-0:2.6.18-274.7.1.el5
  • kernel-headers-0:2.6.18-274.7.1.el5
  • kernel-kdump-0:2.6.18-274.7.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-kdump-devel-0:2.6.18-274.7.1.el5
  • kernel-xen-0:2.6.18-274.7.1.el5
  • kernel-xen-debuginfo-0:2.6.18-274.7.1.el5
  • kernel-xen-devel-0:2.6.18-274.7.1.el5