CVE-2013-4329

Name of the Vulnerable Software and Affected Versions Xen versions 4.0.x through 4.2.x

Description The issue allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction when IOMMU is disabled. This occurs because the xenlight library provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete.

Recommendations For Xen versions 4.0.x through 4.2.x, consider disabling the PCI passthrough device until a patch is available to complete the IOMMU setup before providing access to the device. As a temporary workaround, enable IOMMU to prevent unauthorized access to the PCI passthrough device.