Vigil@nce - Xen: NULL pointer dereference via Shadow Pagetables
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in Shadow
Pagetables of Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, Xen.
Severity: 1/4.
Creation date: 18/04/2016.
DESCRIPTION OF THE VULNERABILITY
The Xen product supports the x86 Shadow Pagetable mode.
However, if an address is greater than 2^44, Xen does not check
whether a pointer is NULL before using it.
An attacker can therefore force a NULL pointer to be dereferenced
in Shadow Pagetables of Xen, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Xen-NULL-pointer-dereference-via-Shadow-Pagetables-19401