xen-kernel -- x86: Privilege escalation in PV guests
The Xen Project reports:
The PV pagetable code has fast-paths for making updates to
pre-existing pagetable entries, to skip expensive re-validation
in safe cases (e.g. clearing only Access/Dirty bits). The bits
considered safe were too broad, and not actually safe.
A malicious PV guest administrator can escalate their privilege to
that of the host.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright