FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- VMX: intercept issue with INVLPG on non-canonical address

Affected packages
3.3 <= xen-kernel < 4.5.2_2

Details

VuXML ID 80adc394-ddaf-11e5-b2bd-002590263bf5
Discovery 2016-01-20
Entry 2016-02-28

The Xen Project reports:

While INVLPG does not cause a General Protection Fault when used on a non-canonical address, INVVPID in its "individual address" variant, which is used to back the intercepted INVLPG in certain cases, fails in such cases. Failure of INVVPID results in a hypervisor bug check.

A malicious guest can crash the host, leading to a Denial of Service.

References

CVE Name CVE-2016-1571
URL http://xenbits.xen.org/xsa/advisory-168.html