Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 766474 (CVE-2021-3308, XSA-360) - <app-emulation/xen-{4.13.2-r4,4.14.1}: host DoS via malicious guest (XSA-360, CVE-2021-3308)
Summary: <app-emulation/xen-{4.13.2-r4,4.14.1}: host DoS via malicious guest (XSA-360,...
Alias: CVE-2021-3308, XSA-360
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa+ cve]
Keywords: PullRequest
Depends on:
Reported: 2021-01-22 02:45 UTC by John Helmert III
Modified: 2021-07-12 02:50 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-01-22 02:45:05 UTC


A x86 HVM guest with PCI pass through devices can force the allocation
of all IDT vectors on the system by rebooting itself with MSI or MSI-X
capabilities enabled and entries setup.

Such reboots will leak any vectors used by the MSI(-X) entries that the
guest might had enabled, and hence will lead to vector exhaustion on the
system, not allowing further PCI pass through devices to work properly.


HVM guests with PCI pass through devices can mount a Denial of Service (DoS)
attack affecting the pass through of PCI devices to other guests or the
hardware domain.  In the latter case this would affect the entire host.


Xen versions 4.12.3, 4.12.4, and all versions from 4.13.1 onwards are
vulnerable.  Xen version 4.13.0 and all versions up to 4.12.2 are not

Only x86 systems running HVM guests with PCI pass through devices are

Patch at $URL, please apply it if there's no release addressing this.
Comment 1 John Helmert III gentoo-dev Security 2021-02-01 23:11:52 UTC
Please proceed with stabilization when ready, thanks!
Comment 2 NATTkA bot gentoo-dev 2021-02-01 23:12:54 UTC Comment hidden (obsolete)
Comment 3 NATTkA bot gentoo-dev 2021-02-03 16:08:54 UTC
All sanity-check issues have been resolved
Comment 4 Sam James archtester gentoo-dev Security 2021-02-04 14:09:26 UTC
amd64 done

all arches done
Comment 5 John Helmert III gentoo-dev Security 2021-02-04 14:52:10 UTC
Not sure how I missed CCing maintainers...

Please cleanup.
Comment 6 Larry the Git Cow gentoo-dev 2021-02-04 22:27:44 UTC
The bug has been referenced in the following commit(s):

commit 307e92ec30fa21aafd600f9788a23d6cb759c357
Author:     Tomáš Mózes <>
AuthorDate: 2021-02-04 19:08:56 +0000
Commit:     Thomas Deutschmann <>
CommitDate: 2021-02-04 22:23:39 +0000

    app-emulation/xen: drop vulnerable
    Signed-off-by: Tomáš Mózes <>
    Signed-off-by: Thomas Deutschmann <>

 app-emulation/xen/Manifest             |   4 -
 app-emulation/xen/xen-4.13.2-r2.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.13.2-r3.ebuild | 165 ---------------------------------
 app-emulation/xen/xen-4.14.0-r7.ebuild | 165 ---------------------------------
 4 files changed, 499 deletions(-)
Comment 7 John Helmert III gentoo-dev Security 2021-07-06 02:51:36 UTC
GLSA request filed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-07-12 02:50:53 UTC
This issue was resolved and addressed in
 GLSA 202107-30 at
by GLSA coordinator Sam James (sam_c).