MOKSHA-2026-0055: set_other_config RBAC Bypass for PCI Passthrough Key

Summary

A vm-admin in XAPI-based hypervisors (XenServer, XCP-ng) can bypass the pool-admin-restricted pci key in VM.other_config by using the VM.set_other_config method instead of VM.add_to_other_config. The pci key is protected by map_keys_roles at _R_POOL_ADMIN for per-key operations, but set_other_config replaces the entire map atomically without checking per-key RBAC. This allows a vm-admin to assign PCI devices to a VM, granting the guest direct DMA access to host memory regions - an operation that should require pool-admin privileges. The set_other_config bypass is acknowledged in datamodel.ml:614-624 as a known architectural limitation.

Vulnerability Description

VM.other_config implements partial per-key RBAC via map_keys_roles: the pci key requires _R_POOL_ADMIN, while folder and XenCenter.CustomFields.* require _R_VM_OP. The add_to_other_config and remove_from_other_config methods enforce these per-key checks. However, set_other_config replaces the entire map in a single operation and bypasses all per-key RBAC.

The bypass:

1. vm-admin reads the current VM.other_config map: VM.get_other_config(vm)
2. Modifies the pci key in the local copy (normally restricted to pool-admin)
3. Calls VM.set_other_config(vm, modified_map) - this succeeds because the method-level RBAC only requires vm-admin
4. The pci key now contains the attacker's value

The pci key is consumed at xapi_xenops.ml:499,520 to determine PCI device passthrough assignments. PCI passthrough gives the guest direct hardware access including DMA, bypassing the IOMMU in some configurations.

The bypass is documented in XAPI's own source code at datamodel.ml:614-624:

(* set_other_config replaces the entire map and bypasses map_keys_roles *)

Root Causes

1. Architectural RBAC bypass. set_other_config replaces the entire map without enforcing map_keys_roles. This is a known design limitation shared by all XAPI objects with map_keys_roles entries.

2. Security-critical key in user-writable map. The pci key controls hardware passthrough - a security-critical operation that grants DMA access. Storing it in other_config rather than a dedicated field creates a mixed-privilege map where RBAC granularity is insufficient.

3. Insufficient method-level RBAC. set_other_config inherits the class default role (_R_VM_ADMIN) rather than requiring the highest privilege level of any protected key in the map.

Affected Systems

Directly Affected

• XenServer / Citrix Hypervisor - all versions (shared XAPI codebase)
• XCP-ng - all versions (confirmed on 8.3.0)

Indirectly Affected

• Host hardware - PCI passthrough grants the guest direct DMA access to host memory regions
• Co-located VMs - DMA-capable guests can potentially access other VMs' memory depending on IOMMU configuration
• Security compliance - PCI passthrough changes the trust boundary between guest and host

Exploitation Scenarios

Chaining Analysis

• VOC-5 standalone: The set_other_config bypass gives vm-admin access to PCI passthrough without needing BOC-1. This is a direct privilege escalation within the RBAC model.
• VOC-5 + BOC-1: If combined with BOC-1 S3 (RBAC collapse), the attacker first gains pool-admin and can then use add_to_other_config directly. The set_other_config bypass makes BOC-1 unnecessary for this specific escalation.

Detection

• Monitor VM.set_other_config calls for changes to the pci key
• Compare pci key values before and after set_other_config operations
• Alert on PCI device assignments by non-pool-admin sessions
• See rule V-05 in disclosure/vendor-detection-guidance.md

Remediation

Short-Term Mitigations

• Audit all VM.other_config records for unexpected pci key values
• Monitor set_other_config API calls for privilege escalation attempts
• Restrict vm-admin delegated access to trusted administrators only

Long-Term Fix

Fix set_other_config RBAC enforcement. Enforce map_keys_roles checks on set_other_config by comparing the incoming map against the current map and verifying per-key RBAC for any changed keys.

Move PCI configuration to a dedicated field. The pci key controls hardware passthrough and should be a first-class, RBAC-protected field rather than a key in other_config.

Upstream patches exist. They are held privately pending coordinated disclosure.

Disclosure

Disclosure:

• Public release: 2026-04-24 08:00 CEST
• CERT/CC notified: 2026-04-23
• MITRE CVE reservation filed: 2026-04-09 (no response as of publication)
• EU CVE registers notified: 2026-04-18 (GCVE/CIRCL, ENISA, DIVD - no response)
• Vendor (Cloud Software Group / Citrix): not contacted pre-publication
• Downstream maintainer (Vates/XCP-ng): contacted 2026-04-23 with conditional patch offer

References

• XAPI source: datamodel.ml:614-624 (set_other_config bypass acknowledgement), xapi_xenops.ml:499,520 (pci key consumption for PCI passthrough), datamodel.ml (VM.other_config map_keys_roles: pci at _R_POOL_ADMIN)
• Thematic advisory: disclosure/advisories/voc-security-advisory.md (VOC-5)
• Investigation: research/investigations/vm-other-config.md

Credits

Discovered and reported by Jakob Wolffhechel, Moksha.