FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- Uncontrolled creation of large page mappings by PV guests

Affected packages
3.4 <= xen-kernel < 4.5.1_1

Details

VuXML ID 3d9f6260-881d-11e5-ab94-002590263bf5
Discovery 2015-10-29
Entry 2015-11-11

The Xen Project reports:

The code to validate level 2 page table entries is bypassed when certain conditions are satisfied. This means that a PV guest can create writable mappings using super page mappings. Such writable mappings can violate Xen intended invariants for pages which Xen is supposed to keep read-only. This is possible even if the "allowsuperpage" command line option is not used.

Malicious PV guest administrators can escalate privilege so as to control the whole system.

[source]

References

CVE Name CVE-2015-7835
URL http://xenbits.xen.org/xsa/advisory-148.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.