FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- Unmediated PCI register access in qemu

Affected packages
3.3 <= xen-tools < 4.5.0_6

Details

VuXML ID 3d657340-27ea-11e5-a4a5-002590263bf5
Discovery 2015-06-02
Entry 2015-07-11

The Xen Project reports:

Qemu allows guests to not only read, but also write all parts of the PCI config space (but not extended config space) of passed through PCI devices not explicitly dealt with for (partial) emulation purposes.

Since the effect depends on the specific purpose of the the config space field, it's not possible to give a general statement about the exact impact on the host or other guests. Privilege escalation, host crash (Denial of Service), and leaked information all cannot be excluded.

References

CVE Name CVE-2015-4106
URL http://xenbits.xen.org/xsa/advisory-131.html