CVE-2011-1898

CVSS 7.4 - HIGH

Description

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

Affected Products

3

Vendor	Product	Version
citrix	xen	`4.0.0`
citrix	xen	`4.0.1`
citrix	xen	`4.1.0`

References

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.opensuse.org/opensuse-security-announ...

http://lists.opensuse.org/opensuse-security-announ...

http://theinvisiblethings.blogspot.com/2011/05/fol...

http://www.invisiblethingslab.com/resources/2011/S...

http://xen.1045712.n5.nabble.com/Xen-security-advi...

http://xen.org/download/index_4.0.2.html

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.fedoraproject.org/pipermail/package-a...

http://lists.opensuse.org/opensuse-security-announ...

http://lists.opensuse.org/opensuse-security-announ...

http://theinvisiblethings.blogspot.com/2011/05/fol...

http://www.invisiblethingslab.com/resources/2011/S...

http://xen.1045712.n5.nabble.com/Xen-security-advi...

http://xen.org/download/index_4.0.2.html

Weakness Types

CWE-264

CVE Information

CVE ID:: CVE-2011-1898
Published:: 2011-08-12
Modified:: 2026-04-29
CVSS Score:: 7.4
Severity:: HIGH
Vector:: AV:A/AC:M/Au:S/C:C/I:C/A:C

Affected Vendors

citrix

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL