|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Xen: denial of service via Intel SMAP
Synthesis of the vulnerability
An attacker, who is in a guest system on a Intel processor with SMAP can trigger a denial of service on the Xen host system.
Impacted systems: XenServer, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity of this alert: 1/4.
Consequences of an intrusion: denial of service on server, denial of service on service.
Pirate's origin: user shell.
Creation date: 26/07/2016.
Références of this alert: CTX214954, CVE-2016-6259, FEDORA-2016-0049aa6e5d, FEDORA-2016-01cc766201, openSUSE-SU-2016:2494-1, SUSE-SU-2016:2093-1, SUSE-SU-2016:2473-1, VIGILANCE-VUL-20225, XSA-183.
Description of the vulnerability
The Xen product can be installed on an Intel processor (Broadwell or later) supporting SMAP (Supervisor Mode Access Prevention).
However, the compat_create_bounce_frame() function does not whistelist its userspace accesses, which generates a fatal error.
An attacker, who is in a guest system on a Intel processor with SMAP can therefore trigger a denial of service on the Xen host system.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerabilities watch. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.