{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-13T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a"}, {"name": "DSA-2582", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2582"}, {"name": "45622", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45622"}, {"name": "[Xen-devel] 20110812 Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html"}, {"name": "51468", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51468"}, {"name": "[Xen-devel] 20110616 IOMMU faults", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html"}, {"name": "49146", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/49146"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3131", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a"}, {"name": "DSA-2582", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2582"}, {"name": "45622", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45622"}, {"name": "[Xen-devel] 20110812 Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock", "refsource": "MLIST", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html"}, {"name": "51468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51468"}, {"name": "[Xen-devel] 20110616 IOMMU faults", "refsource": "MLIST", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html"}, {"name": "49146", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49146"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.556Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a"}, {"name": "DSA-2582", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2582"}, {"name": "45622", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45622"}, {"name": "[Xen-devel] 20110812 Xen Advisory 5 (CVE-2011-3131) IOMMU fault livelock", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html"}, {"name": "51468", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51468"}, {"name": "[Xen-devel] 20110616 IOMMU faults", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html"}, {"name": "49146", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/49146"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3131", "datePublished": "2012-12-13T11:00:00Z", "dateReserved": "2011-08-11T00:00:00Z", "dateUpdated": "2024-09-16T23:45:36.240Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC4F2A7E-FB80-40F0-9535-10A10C6B2836", "versionEndIncluding": "4.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock."}, {"lang": "es", "value": "Xen v4.1.1 y anteriores permite causar una denegaci\u00f3n de servicio (consumo de CPU y bloqueo de Xen) a los kernels de sistemas operativos huesped que controlan dispositivos PCI[E] a trav\u00e9s de muchas peticiones DMA modificadas que son denegadas por la IOMMU, lo que desencadena un bloqueo activo."}], "id": "CVE-2011-3131", "lastModified": "2024-11-21T01:29:48.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-13T11:53:33.350", "references": [{"source": "cve@mitre.org", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html"}, {"source": "cve@mitre.org", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45622"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51468"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2582"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/49146"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-06/msg01106.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://old-list-archives.xen.org/archives/html/xen-devel/2011-08/msg00450.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2582"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49146"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1386", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-274.7.1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-10-20T00:00:00Z"}], "bugzilla": {"description": "kernel: xen: IOMMU fault livelock", "id": "730341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730341"}, "csaw": false, "cvss": {"cvss_base_score": "5.2", "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C", "status": "verified"}, "details": ["Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock."], "name": "CVE-2011-3131", "public_date": "2011-08-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3131\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3131"], "statement": "The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6,\nand Red Hat Enterprise MRG are not affected. It has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html.", "threat_severity": "Moderate"}