The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and previous versions allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 3.4.0 |
||
xen xen 3.4.2 |
||
xen xen 3.4.3 |
||
xen xen 3.4.4 |
||
xen xen 4.0.0 |
||
xen xen 4.0.1 |
||
xen xen 4.0.3 |
||
xen xen 4.0.4 |
||
xen xen 4.1.0 |
||
xen xen 4.1.1 |
||
xen xen 4.1.2 |
||
xen xen 4.1.3 |
||
xen xen 4.1.4 |
||
xen xen 4.1.5 |
||
xen xen 4.2.0 |
||
xen xen 4.2.1 |
||
xen xen 4.2.2 |
||
xen xen 4.2.3 |
||
xen xen 4.3.0 |
||
xen xen 4.3.1 |
||
xen xen 4.4.0 |
||
xen xen 4.4.1 |
||
xen xen 4.5.0 |
||
xen xen 4.6.0 |
||
xen xen 4.6.1 |
||
xen xen 4.6.3 |
||
xen xen 4.7.0 |
||
citrix xenserver 6.0 |
||
citrix xenserver 6.0.2 |
||
citrix xenserver 6.1 |
||
citrix xenserver 6.2.0 |
||
citrix xenserver 6.5.0 |
||
citrix xenserver 7.0 |
Explo-Xen ... it rhymes with explosion
Code dive A super-bug in the Xen hypervisor may allow privileged code running in guests to escape to the underlying host. This means, on vulnerable systems, malicious administrators within virtual machines can potentially break out of their confines and start interfering with the host server and other guests. This could be really bad news for shared environments. All versions of open-source Xen are affected (CVE-2016-6258, XSA-182) although it is only potentially exploitable on x86 hardware runn...