FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- x86 task switch to VM86 mode mis-handled

Affected packages
xen-kernel < 4.7.1

Details

VuXML ID: 523bb0b7-ba4d-11e6-ae1b-002590263bf5
Discovery: 2016-11-22
Entry: 2016-12-04

The Xen Project reports:

LDTR, just like TR, is purely a protected mode facility. Hence even when switching to a VM86 mode task, LDTR loading needs to follow protected mode semantics. This was violated by the code.

On SVM (AMD hardware): a malicious unprivileged guest process can escalate its privilege to that of the guest operating system.

On both SVM and VMX (Intel hardware): a malicious unprivileged guest process can crash the guest.

References

CVE Name: CVE-2016-9382
FreeBSD PR: ports/214936
URL: https://xenbits.xen.org/xsa/advisory-192.html