On Thu, Feb 27, 2025 at 03:33:18PM +0000, Teddy Astie wrote:
> Hello,
>
> On 27/02/2025 at 13:57, Xen.org security team wrote:
> > Xen Security Advisory CVE-2025-1713 / XSA-467
> >
> > deadlock potential with VT-d and legacy PCI device pass-through
> >
> > ISSUE DESCRIPTION
> > =================
> >
> > When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.
> >
> > IMPACT
> > ======
> >
> > The passing through of certain kinds of devices to an unprivileged guest can result in a Denial of Service (DoS) affecting the entire host.
> >
> > Note: Normal usage of such devices by a privileged domain can also trigger the issue. In such a scenario, the deadlock is not considered a security issue, but just a plain bug.
> >
> > VULNERABLE SYSTEMS
> > ==================
> >
> > Xen versions 4.0 and later are affected. Xen versions 3.4 and earlier are not directly affected, but had other issues.
> >
> > Systems with Intel IOMMU hardware (VT-d) are affected. Systems using AMD or non-x86 hardware are not affected.
> >
> > Only systems where certain kinds of devices are passed through to an unprivileged guest are vulnerable.
> >
> > MITIGATION
> > ==========
> >
> > Avoiding the passing through of the affected device types will avoid the vulnerability.
>
> Is disabling interrupt remapping another way of mitigating this vulnerability (e.g. iommu=no-intremap)?

No, as this allows other attacks that allow denial of service at the very least. See https://lore.kernel.org/xen-devel/19915.58644.191837.671729@mariner.uk.xensource.com/.

--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab