FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- x86 64-bit bit test instruction emulation broken

Affected packages
xen-kernel < 4.7.1

Details

VuXML ID 56f0f11e-ba4d-11e6-ae1b-002590263bf5
Discovery 2016-11-22
Entry 2016-12-04

The Xen Project reports:

The x86 instructions BT, BTC, BTR, and BTS, when used with a destination memory operand and a source register rather than an immediate operand, access a memory location offset from that specified by the memory operand as specified by the high bits of the register source.

A malicious guest can modify arbitrary memory, allowing for arbitrary code execution (and therefore privilege escalation affecting the whole host), a crash of the host (leading to a DoS), or information leaks. The vulnerability is sometimes exploitable by unprivileged guest user processes.

References

CVE Name CVE-2016-9383
FreeBSD PR ports/214936
URL https://xenbits.xen.org/xsa/advisory-195.html