Hello,

On 27/02/2025 at 13:57, Xen.org security team wrote:
> Xen Security Advisory CVE-2025-1713 / XSA-467
>
> deadlock potential with VT-d and legacy PCI device pass-through
>
> ISSUE DESCRIPTION
> =================
>
> When setting up interrupt remapping for legacy PCI(-X) devices,
> including PCI(-X) bridges, a lookup of the upstream bridge is required.
> This lookup, itself involving acquiring of a lock, is done in a context
> where acquiring that lock is unsafe. This can lead to a deadlock.
>
> IMPACT
> ======
>
> The passing through of certain kinds of devices to an unprivileged guest
> can result in a Denial of Service (DoS) affecting the entire host.
>
> Note: Normal usage of such devices by a privileged domain can also
> trigger the issue. In such a scenario, the deadlock is not
> considered a security issue, but just a plain bug.
>
> VULNERABLE SYSTEMS
> ==================
>
> Xen versions 4.0 and later are affected. Xen versions 3.4 and earlier
> are not directly affected, but had other issues.
>
> Systems with Intel IOMMU hardware (VT-d) are affected. Systems using
> AMD or non-x86 hardware are not affected.
>
> Only systems where certain kinds of devices are passed through to an
> unprivileged guest are vulnerable.
>
> MITIGATION
> ==========
>
> Avoiding the passing through of the affected device types will avoid
> the vulnerability.
>

Is disabling interrupt remapping another way of mitigating this vulnerability (e.g. iommu=no-intremap)?

> RESOLUTION
> ==========
>
> Applying the attached patch resolves this issue.
>
> Note that patches for released versions are generally prepared to
> apply to the stable branches, and may not apply cleanly to the most
> recent release tarball. Downstreams are encouraged to update to the
> tip of the stable branch before applying these patches.
>
> xsa467.patch           xen-unstable - Xen 4.17.x
>
> $ sha256sum xsa467*
> 2fffaa8892b3daecd698b4af95701045874a76edc2e18c8d2abbec85a39aa05c  xsa467.patch
> $
>
> NOTE REGARDING LACK OF EMBARGO
> ==============================
>
> The issue was reported initially on a public bug tracker and discussed in
> public before it was realized that there was a security aspect.

Teddy

Teddy Astie | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech