xen-kernel -- Uncontrolled creation of large page mappings by PV guests
The Xen Project reports:
The code to validate level 2 page table entries is bypassed when
certain conditions are satisfied. This means that a PV guest can
create writable mappings using super page mappings. Such writable
mappings can violate Xen intended invariants for pages which Xen is
supposed to keep read-only. This is possible even if the
"allowsuperpage" command line option is not used.
Malicious PV guest administrators can escalate privilege so as to
control the whole system.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright