Xen MPX and PKU vCPU Context Switching Information Leak Lets Local Guest Users Obtain Potentially Sensitive Information on the Target System
|
|
SecurityTracker Alert ID: 1038730 |
|
SecurityTracker URL: http://securitytracker.com/id/1038730
|
|
CVE Reference:
CVE-2017-10916
(Links to External Site)
|
Updated: Jul 7 2017
|
Original Entry Date: Jun 21 2017
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 4.5 and after
|
Description:
A vulnerability was reported in Xen. A local user on a guest system can obtain potentially sensitive information from the host system.
A local user and a guest system that uses the Memory Protection Extensions (MPX) and Protection Key (PKU) features and manually context switch between vCPUs can trigger an information leak and obtain potentially sensitive control information about guest address space pointers on the target system.
x86 hardware implementing the MPX or PKU features is affected.
ARM hardware is not affected.
HVM guests are affected.
PV guests are not affected.
Linux guests are not affected.
Andrew Cooper of Citrix reported this vulnerability.
|
Impact:
A local user can obtain potentially sensitive control information about guest address space pointers on the target system.
|
Solution:
The vendor has issued a fix (xsa220-4.5.patch, xsa220-4.6.patch, xsa220-4.7.patch, xsa220-4.8.patch, and xsa220.patch).
The vendor advisory is available at:
https://xenbits.xen.org/xsa/advisory-220.html
|
Vendor URL: xenbits.xen.org/xsa/advisory-220.html (Links to External Site)
|
Cause:
Access control error
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
