| Public release | 2013-11-26 12:00 |
| Updated | 2013-11-26 17:02 |
| Title | Hypercalls exposed to privilege rings 1 and 2 of HVM guests |
Files: advisory-76.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2013-4554 / XSA-76
Hypercalls exposed to privilege rings 1 and 2 of HVM guests
UPDATES IN VERSION 3
The privilege check applied to hypercall attempts by an HVM guest only refused
access from ring 3; rings 1 and 2 were allowed through.
Code running in the intermediate privilege rings of HVM guest OSes may be able
to elevate its privileges inside the guest by careful hypercall use.
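The flawed check and its corrected form, modelled in C as an added example (this is not the Xen source or the attached patch). The function names, result constants and the choice to read the guest's ring from the DPL bits of its stack-segment access-rights byte are assumptions made for the illustration.

```c
#include <stdio.h>

/* Hypothetical result codes for this model (not Xen's own constants). */
#define HCALL_OK      0
#define HCALL_REFUSED (-1)

/* x86 segment access-rights byte: bits 6:5 hold the DPL.
 * Assumption: the guest's current ring is taken from the DPL of SS. */
static unsigned ss_dpl(unsigned char access_rights)
{
    return (access_rights >> 5) & 0x3u;
}

/* Check as the advisory describes it: only ring 3 is refused,
 * so rings 1 and 2 fall through together with ring 0. */
static int hypercall_check_vulnerable(unsigned char ss_ar)
{
    return ss_dpl(ss_ar) == 3 ? HCALL_REFUSED : HCALL_OK;
}

/* Corrected check: every ring other than 0 is refused. */
static int hypercall_check_fixed(unsigned char ss_ar)
{
    return ss_dpl(ss_ar) != 0 ? HCALL_REFUSED : HCALL_OK;
}

/* Bitmask of rings (bit n set = ring n admitted) for a given check. */
static unsigned allowed_rings(int (*check)(unsigned char))
{
    unsigned mask = 0;
    for (unsigned ring = 0; ring < 4; ring++) {
        /* Constructed sample: 0x93 = present, writable data segment,
         * with the DPL field set to the ring under test. */
        unsigned char ar = (unsigned char)(0x93u | (ring << 5));
        if (check(ar) == HCALL_OK)
            mask |= 1u << ring;
    }
    return mask;
}

int main(void)
{
    printf("vulnerable check admits ring mask 0x%x\n",
           allowed_rings(hypercall_check_vulnerable));
    printf("fixed check admits ring mask 0x%x\n",
           allowed_rings(hypercall_check_fixed));
    return 0;
}
```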
Xen 3.0.3 and later are vulnerable.
Xen 3.0.2 and earlier are not vulnerable.
Running only PV guests, or running HVM guests known to not make use of
protection rings 1 and 2, will avoid this issue. As far as we are aware no
mainstream OS (Linux, Windows, BSD) makes use of these rings.
This issue was discovered by Jan Beulich.
Applying the attached patch resolves this issue.
xsa76.patch xen-unstable, Xen 4.3.x, Xen 4.2.x, Xen 4.1.x
$ sha256sum xsa76*.patch
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team