Vigil@nce - Xen: denial of service via an access to a system register
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest system can trigger incorrect traps to the
guest kernel, in order to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 12/08/2014
DESCRIPTION OF THE VULNERABILITY
On ARM architectures, Xen can manage guest systems that manage
64-bit user processes.
When a user process attempts to reference a system register, the
physical processor traps and Xen should redirect the trap to the
guest kernel. However, if Xen does not know the register being
accessed, typically because it is vendor-specific, Xen wrongly
redirects the trap to the guest kernel, which often leads to an
exception in the guest kernel and sometimes to a crash of the guest.
An attacker in a guest system can therefore trigger incorrect
traps to the guest kernel, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-an-access-to-a-system-register-15166