FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- PV superpage functionality missing sanity checks

Affected packages
xen-kernel = 3.4.0
xen-kernel = 3.4.1
4.1 <= xen-kernel < 4.5.2_2

Details

VuXML ID 7ed7c36f-ddaf-11e5-b2bd-002590263bf5
Discovery 2016-01-20
Entry 2016-02-28

The Xen Project reports:

The PV superpage functionality lacks certain validity checks on data being passed to the hypervisor by guests. This is the case for the page identifier (MFN) passed to MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER sub-ops of the HYPERVISOR_mmuext_op hypercall as well as for various forms of page table updates.

Use of the feature, which is disabled by default, may have unknown effects, ranging from information leaks through Denial of Service to privilege escalation.

References

CVE Name CVE-2016-1570
URL http://xenbits.xen.org/xsa/advisory-167.html