FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- x86: Missing SMAP whitelisting in 32-bit exception / event delivery

Affected packages
4.5 < xen-kernel < 4.7.0_3

Details

VuXML ID 04cf89e3-5854-11e6-b334-002590263bf5
Discovery 2016-07-26
Entry 2016-08-02

The Xen Project reports:

Supervisor Mode Access Prevention is a hardware feature designed to make an Operating System more robust, by raising a pagefault rather than accidentally following a pointer into userspace. However, legitimate accesses into userspace require whitelisting, and the exception delivery mechanism for 32bit PV guests wasn't whitelisted.

A malicious 32-bit PV guest kernel can trigger a safety check, crashing the hypervisor and causing a denial of service to other VMs on the host.

[source]

References

CVE Name CVE-2016-6259
FreeBSD PR ports/211482
URL http://xenbits.xen.org/xsa/advisory-183.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.