Vigil@nce: Xen, Citrix XenServer, denial of service via AMD
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest ParaVirtualized 64 bit system can use a
vulnerability of some AMD processors, in order to stop the host
system.
– Severity: 1/4
– Creation date: 12/06/2012
IMPACTED PRODUCTS
– Red Hat Enterprise Linux
– SUSE Linux Enterprise Desktop
– SUSE Linux Enterprise Server
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
AMD announced a bug in its processors, in the following case:
– the processor is in 64 bit mode
– the code segment limit is 0xFFFF FFFF
– the last byte of the current instruction is located at 0x7FFF
FFFF FFFF
– the next instruction is located at 0x8000 0000 0000
In this case, a General Protection Exception occurs.
An attacker in a guest ParaVirtualized 64 bit system can therefore
use a vulnerability of some AMD processors, in order to stop the
host system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-Citrix-XenServer-denial-of-service-via-AMD-11695