← Advisory Index « MOKSHA-2026-0028 MOKSHA-2026-0030 »

MOKSHA-2026-0029: SR-IOV VIF Whitelist Bypass via VIF.other_config

Advisory ID	MOKSHA-2026-0029
Semantic ID	VIOC-1
Published	2026-04-24
CVSS 3.1	7.1 High
CVSS 3.1 Vector	`AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N`
CVSS 4.0	5.3 Medium
CVSS 4.0 Vector	`AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N`
XAPI Object	`VIF`
XAPI Field	`other_config (SR-IOV path)`
Entry Role	vm-admin
Researcher	Jakob Wolffhechel, Moksha

Affected Products

Vendor	Product	Versions
Citrix / Cloud Software Group	XenServer / Citrix Hypervisor	all versions (shared XAPI codebase)
Vates	XCP-ng	8.3.0

Summary

On SR-IOV-backed VIFs in XAPI-based hypervisors (XenServer, XCP-ng), all VIF.other_config keys bypass the whitelist filter and are written unfiltered to guest-readable xenstore. The standard VIF path (Device.Vif.add at device.ml:827-829) applies a whitelist restricting xenstore writes to 7 known keys (promiscuous, ethtool-rx, ethtool-tx, ethtool-sg, ethtool-tso, ethtool-ufo, ethtool-gso). The SR-IOV path (Device.NetSriovVf.add at device.ml:978-1006) does not apply this whitelist. This breaks the security equivalence assumption between standard and SR-IOV VIFs, allowing a vm-admin to inject arbitrary key-value pairs into guest-readable xenstore on SR-IOV networks.

Vulnerability Description

VIF.other_config is a Map(String, String) field writable by vm-admin. For standard VIFs, xenopsd applies a whitelist filter that restricts which keys are written to xenstore.

Standard VIF Path (Filtered)

Device.Vif.add (device.ml:827-829)
  -> vif_udev_keys whitelist applied
  -> Only 7 known keys written to xenstore
  -> Guest sees only: promiscuous, ethtool-rx, ethtool-tx, ethtool-sg,
     ethtool-tso, ethtool-ufo, ethtool-gso

SR-IOV VIF Path (Unfiltered)

Device.NetSriovVf.add (device.ml:978-1006)
  -> NO whitelist filter applied
  -> ALL other_config keys written to xenstore
  -> Guest sees everything in VIF.other_config

The whitelist filter is a security control that was implemented for standard VIFs but completely omitted from the SR-IOV code path. Any key written to VIF.other_config by administrators, automation, or upstream systems becomes visible to the guest VM via xenstore on SR-IOV VIFs.

Root Causes

Missing security control in SR-IOV path. The vif_udev_keys whitelist is applied in Device.Vif.add but absent from Device.NetSriovVf.add. This is a code divergence - the security control was not replicated when the SR-IOV path was implemented.
Missing RBAC protection. VIF.other_config has zero map_keys_roles entries in datamodel.ml. All keys are writable by vm-admin.
Trust boundary violation. other_config is assumed to be host-internal metadata. Exposing it to the guest via xenstore violates this assumption.

Affected Systems

Directly Affected

XenServer / Citrix Hypervisor - all versions (shared xenopsd codebase)
XCP-ng 8.3 - confirmed (source trace)

Pre-conditions

SR-IOV network configured and in use
VIF assigned to an SR-IOV virtual function

Indirectly Affected

Guest VMs on SR-IOV networks - can read host-internal metadata
Future xenstore consumers - any new code that reads VIF xenstore keys on SR-IOV VIFs inherits a pre-established injection path

Exploitation Scenarios

Scenario	Impact	Pre-conditions	Status
Infrastructure metadata disclosure	Guest reads host-internal metadata from VIF.other_config via xenstore	SR-IOV VIF, metadata in other_config	Source-traced
Future injection surface	Arbitrary keys in xenstore create injection vector for future xenstore-consuming code	SR-IOV VIF	Source-traced (architectural)
Cross-tenant metadata exposure	In multi-tenant environments, admin-set metadata leaks to tenant VMs	SR-IOV VIF, multi-tenant	Modeled

Detection

Audit SR-IOV VIF xenstore entries for unexpected keys beyond the standard 7-key whitelist
Monitor VIF.other_config writes on SR-IOV-backed VIFs
See rule V-01 in disclosure/vendor-detection-guidance.md

Remediation

Short-Term Mitigations

Audit all SR-IOV VIF xenstore entries for unexpected keys
Avoid storing sensitive metadata in VIF.other_config on SR-IOV networks
Restrict vm-admin role grants on hosts with SR-IOV networks

Long-Term Fix

Apply whitelist filter to SR-IOV VIFs. Add the same vif_udev_keys whitelist to Device.NetSriovVf.add that exists in Device.Vif.add.

Audit SR-IOV code path for other divergences. If the whitelist was missed, other security controls may also be absent from the SR-IOV path.

Upstream patches exist. They are held privately pending coordinated disclosure.

Disclosure

Disclosure:

Public release: 2026-04-24 08:00 CEST
CERT/CC notified: 2026-04-23
MITRE CVE reservation filed: 2026-04-09 (no response as of publication)
EU CVE registers notified: 2026-04-18 (GCVE/CIRCL, ENISA, DIVD - no response)
Vendor (Cloud Software Group / Citrix): not contacted pre-publication
Downstream maintainer (Vates/XCP-ng): contacted 2026-04-23 with conditional patch offer

References

Related MOKSHA IDs: MOKSHA-2026-0021 (VIOC-2 promiscuous mode sniffing)
XAPI source: vendor/xenopsd/xc/device.ml:827-829 (standard VIF whitelist), vendor/xenopsd/xc/device.ml:978-1006 (SR-IOV path - no whitelist)
Thematic advisory: disclosure/advisories/vif-security-advisory.md (VIOC-1)
Investigation: research/investigations/vif-other-config.md

Credits

Discovered and reported by Jakob Wolffhechel, Moksha.

Machine-readable: MOKSHA-2026-0029.json (CVE JSON 5.1 schema)

← Advisory Index « MOKSHA-2026-0028 MOKSHA-2026-0030 »

Jakob Wolffhechel · Moksha · Copenhagen
jakob@wolffhechel.dk · +45 3170 7337
Published 2026-04-24 08:00 CEST · cna.moksha.dk · shittrix.moksha.dk