Vigil@nce - Xen: denial of service via XSETBV
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker located in a PV guest can use XSETBV, in order to
trigger a denial of service of the Xen hypervisor.
– Impacted products: Unix (platform)
– Severity: 1/4
– Creation date: 04/06/2013
DESCRIPTION OF THE VULNERABILITY
The XSETBV instruction writes in the eXtended Control Register
(XCR). Its support is enabled via the "xsave" option.
However, Xen does not manage exceptions occurring during the
execution of XSETBV.
An attacker located in a PV guest can therefore use XSETBV, in
order to trigger a denial of service of the Xen hypervisor.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-XSETBV-12903