Vigil@nce - Xen: information disclosure via HVM CR0.TS/EM
October 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use CR0.TS/EM on Xen x86 HVM, in order to obtain
sensitive information on the current system.
Impacted products: XenServer, Fedora, Xen.
Severity: 1/4.
Creation date: 04/10/2016.
DESCRIPTION OF THE VULNERABILITY
The Xen product can manage x86 HVM guest systems.
However, an attacker can raise a Device Not Available Exception
while CR0.EM or CR0.TS is set, which can be used to read a
register of another task on the same VM.
An attacker can therefore use CR0.TS/EM on Xen x86 HVM, in order
to obtain sensitive information on the current system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Xen-information-disclosure-via-HVM-CR0-TS-EM-20762