CVE-2021-3308

Name of the Vulnerable Software and Affected Versions Xen versions 4.12.3 through 4.12.4 Xen versions 4.13.1 through 4.14.x

Description An issue was discovered in Xen where an x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. This can lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain, which can affect the entire host.

Recommendations For Xen versions 4.12.3 through 4.12.4, consider disabling the PCI pass through feature for HVM guests to prevent the Denial of Service (DoS) attack. For Xen versions 4.13.1 through 4.14.x, consider restricting the use of MSI or MSI-X capabilities for HVM guests to minimize the risk of vector exhaustion. As a temporary workaround, consider disabling the MSI and MSI-X entries for HVM guests until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.