Vigil@nce - Xen: denial of service on ia64
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When Linux Xen is used on an ia64 processor, a local attacker can
generate a denial of service.
Severity: 1/4
Creation date: 11/06/2010
DESCRIPTION OF THE VULNERABILITY
An ia64/IA-64 processor uses a PSR (Processor Status Register)
bitfield:
– bit 1 (BE) : enable Big Endian
– bit 2 (UP) : enable the user performance monitor
– etc.
The DCR (Default Control Register) register contains:
– bit 1 (PP) : privileged performance monitor
– bit 2 (BE) : Big Endian
– etc.
When a process generates an error, and when the DCR.BE bit is set
to zero, the PSR.BE bit is not reset in the
xen/arch/ia64/xen/faults.c file. A NULL pointer is then
dereferenced.
When Linux Xen is used on an ia64 processor, a local attacker can
therefore generate a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-on-ia64-9704