[kernel-xen] Xen Security Advisory 123 (CVE-2015-2151) - Hypervisor memory corruption due to x86 emulator flaw

Steven Haigh netwiz at crc.id.au
Wed Mar 11 01:09:09 AEDT 2015


            Xen Security Advisory CVE-2015-2151 / XSA-123
                              version 4

         Hypervisor memory corruption due to x86 emulator flaw

UPDATES IN VERSION 4
====================

Public release.

ISSUE DESCRIPTION
=================

Instructions with register operands ignore any segment overrides
encoded for them. Due to an insufficiently conditional assignment,
however, such a bogus segment override can corrupt a pointer used
subsequently to store the result of the instruction.

IMPACT
======

A malicious guest might be able to read sensitive data relating to
other guests, or to cause denial of service on the host. Arbitrary code
execution, and therefore privilege escalation, cannot be excluded.

VULNERABLE SYSTEMS
==================

Xen 3.2.x and later are vulnerable.
Xen 3.1.x and earlier have not been inspected.

Only x86 systems are vulnerable.  ARM systems are not vulnerable.

MITIGATION
==========

There is no mitigation available for this issue.

CREDITS
=======

This issue was discovered by Felix Wilhelm of ERNW GmbH.

RESOLUTION
==========

Fixed in:
* Tue Mar 10 2015 Steven Haigh <netwiz at crc.id.au> - 4.2.5-11
- XSA-123 (CVE-2015-2151) Hypervisor memory corruption due to x86
emulator flaw

* Tue Mar 10 2015 Steven Haigh <netwiz at crc.id.au> - 4.4.1-11
- XSA-123 (CVE-2015-2151) Hypervisor memory corruption due to x86
emulator flaw

* Tue Mar 10 2015 Steven Haigh <netwiz at crc.id.au> - 4.5.0-0.4
- XSA-123 (CVE-2015-2151) Hypervisor memory corruption due to x86
emulator flaw
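
The bug class described under ISSUE DESCRIPTION, as an added example that is not part of the advisory and not Xen's code: a simplified C model showing the unconditional assignment beside the conditional one. It assumes, for illustration only, that a register operand's pointer and a memory operand's segment/offset share storage; all names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical, simplified emulator operand: NOT Xen's source. A register
 * operand keeps a host pointer; a memory operand keeps segment + offset.
 * Both share storage, which is the assumption that makes the bug visible. */
enum seg { SEG_NONE = -1, SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS };
enum op_type { OP_REG, OP_MEM };

struct operand {
    enum op_type type;
    union {
        unsigned long *reg;                               /* valid when OP_REG */
        struct { enum seg seg; unsigned long off; } mem;  /* valid when OP_MEM */
    } u;
};

static unsigned long guest_regs[4];   /* constructed stand-in for guest registers */

/* "Before": the override is applied whenever a prefix was decoded. */
static void decode_unconditional(struct operand *op, enum seg override)
{
    if (override != SEG_NONE)
        op->u.mem.seg = override;     /* clobbers u.reg for register operands */
}

/* "After": the override is applied to memory operands only. */
static void decode_conditional(struct operand *op, enum seg override)
{
    if (override != SEG_NONE && op->type == OP_MEM)
        op->u.mem.seg = override;
}

/* Returns 1 if the register operand's write-back pointer survived decoding. */
static int reg_pointer_intact(void (*decode)(struct operand *, enum seg))
{
    struct operand dst = { .type = OP_REG, .u.reg = &guest_regs[0] };
    decode(&dst, SEG_FS);             /* register operand with an FS prefix */
    return dst.u.reg == &guest_regs[0];   /* compared only, never dereferenced */
}

int main(void)
{
    printf("unconditional assignment: pointer intact = %d\n",
           reg_pointer_intact(decode_unconditional));
    printf("conditional assignment:   pointer intact = %d\n",
           reg_pointer_intact(decode_conditional));
    return 0;
}
```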
