XEN 4.0.0 Denial Of Service Gain privileges Vulnerability
21 Aug. 2017
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
A vulnerability was reported in Xen. A local user on the guest system can gain elevated privileges on the guest system or cause the guest system to crash.
A local user on the guest system can exploit a flaw in VM86 mode task switching.
On systems using Secure Virtual Machine (SVM) extensions (e.g., AMD hardware), a local unprivileged user on the guest system can gain privileges on the guest operating system.
On systems using either SVM or Virtual Machine Extensions (VMX) (e.g., Intel hardware), a local unprivileged user on the guest system can cause the guest system to crash.
32-bit x86 HVM guests that use hardware task switching and allow a new task to start in VM86 mode are affected.
PV guests are not affected.
64-bit guests are not affected.
ARM systems are not affected.