Vigil@nce: Linux kernel, denial of service via Xen x86-64
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
In a Xen x86-64 environment, a local attacker can generate a page
fault, in order to stop the system.
– Severity: 1/4
– Creation date: 30/11/2010
DESCRIPTION OF THE VULNERABILITY
On an x86 processor, the GDT/LDT (Global/Local Descriptor Table)
converts a logical memory address to a physical address.
When a user process accesses to an invalid memory page, a page
fault occurs. The handle_gdt_ldt_mapping_fault() function of Xen
processes these cases. However, on a 64 bit processor, this
function does not manage some invalid addresses, and calls the
BUG_ON() macro, which stops the kernel.
In a Xen x86-64 environment, a local attacker can therefore
generate a page fault, in order to stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-Xen-x86-64-10163