FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- x86 segment base write emulation lacking canonical address checks

Affected packages
4.4 <= xen-kernel < 4.7.1

Details

VuXML ID 53dbd096-ba4d-11e6-ae1b-002590263bf5
Discovery 2016-11-22
Entry 2016-12-04

The Xen Project reports:

Both writes to the FS and GS register base MSRs as well as the WRFSBASE and WRGSBASE instructions require their input values to be canonical, or a #GP fault will be raised. When the use of those instructions by the hypervisor was enabled, the previous guard against #GP faults (having recovery code attached) was accidentally removed.

A malicious guest administrator can crash the host, leading to a DoS.

References

CVE Name CVE-2016-9385
FreeBSD PR ports/214936
URL https://xenbits.xen.org/xsa/advisory-193.html