[kernel-xen] Xen Security Advisory 76 (CVE-2013-4554) - Hypercalls exposed to privilege rings 1 and 2 of HVM guests
Steven Haigh
netwiz at crc.id.au
Wed Nov 27 11:05:24 EST 2013
Xen Security Advisory CVE-2013-4554 / XSA-76
version 3
Hypercalls exposed to privilege rings 1 and 2 of HVM guests
UPDATES IN VERSION 3
====================
Public release.
ISSUE DESCRIPTION
=================
The privilege check applied to hypercall attempts by a HVM guest only refused
access from ring 3; rings 1 and 2 were allowed through.
IMPACT
======
Code running in the intermediate privilege rings of HVM guest OSes may be able
to elevate its privileges inside the guest by careful hypercall use.
VULNERABLE SYSTEMS
==================
Xen 3.0.3 and later are vulnerable.
Xen 3.0.2 and earlier are not vulnerable.
MITIGATION
==========
Running only PV guests, or running HVM guests known to not make use of
protection rings 1 and 2 will avoid this issue. As far as we are aware no
mainstream OS (Linux, Windows, BSD) makes use of these rings.
CREDITS
=======
This issue was discovered by Jan Beulich.
RESOLUTION
==========
Fixed in xen-4.2.3-10
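
The flaw described under ISSUE DESCRIPTION, as a small C model added here for illustration; it is not Xen source code and not part of the original advisory. All function names and the -EPERM return value are assumptions of the model; it derives the caller's ring from the DPL bits of a constructed SS access-rights byte and compares a gate that refuses only ring 3 with one that admits only ring 0.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model only: hypothetical names, not taken from the Xen code base. */

/* x86 segment access-rights byte: P(7) DPL(6:5) S(4) Type(3:0).
 * In protected and long mode the DPL of SS is the current privilege level. */
static unsigned int cpl_from_ss_access(uint8_t ss_access)
{
    return (ss_access >> 5) & 3u;
}

/* Check as the advisory describes it before the fix: only ring 3 is refused. */
static int hypercall_gate_pre_fix(uint8_t ss_access)
{
    return cpl_from_ss_access(ss_access) == 3 ? -EPERM : 0;
}

/* Corrected check: every ring other than 0 is refused. */
static int hypercall_gate_fixed(uint8_t ss_access)
{
    return cpl_from_ss_access(ss_access) != 0 ? -EPERM : 0;
}

/* Bitmask of rings that the pre-fix gate admits but the fixed gate refuses. */
static unsigned int rings_wrongly_admitted(void)
{
    unsigned int mask = 0;
    for (unsigned int ring = 0; ring < 4; ring++) {
        /* Constructed sample: present, writable data segment, DPL = ring. */
        uint8_t ss_access = (uint8_t)(0x93u | (ring << 5));
        if (hypercall_gate_pre_fix(ss_access) == 0 &&
            hypercall_gate_fixed(ss_access) != 0)
            mask |= 1u << ring;
    }
    return mask;
}

int main(void)
{
    /* Bits 1 and 2 set: rings 1 and 2 pass the pre-fix gate. */
    printf("rings wrongly admitted: 0x%x\n", rings_wrongly_admitted());
    return 0;
}
```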