[kernel-xen] Xen Security Advisory 66 (CVE-2013-4361) - Information leak through fbld instruction emulation
netwiz at crc.id.au
Mon Sep 30 22:13:10 EST 2013
Xen Security Advisory CVE-2013-4361 / XSA-66
Information leak through fbld instruction emulation
UPDATES IN VERSION 3
The emulation of the fbld instruction (which is used during I/O
emulation) uses the wrong variable for the source effective address.
As a result, the actual address used is an uninitialised bit pattern
from the stack.
A malicious guest might be able to find out information about the
contents of the hypervisor stack, by observing which values are
actually being used by fbld and inferring what the address must have
been. Depending on the actual values on the stack this attack might
be very difficult to carry out.
A malicious guest might conceivably gain access to sensitive data
relating to other guests.
Xen 3.3.x and later are vulnerable.
Only HVM guests can take advantage of this vulnerability.
Running only PV guests will avoid this issue.
There is no mitigation available for HVM guests. We believe this
vulnerability would require significant research to exploit.
Jan Beulich discovered this issue.
Fixed in xen-4.2.3-2.el6
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the kernel-xen