oss-sec mailing list archives
CVE request: xen: x86-64: don't crash Xen upon direct pv guest access
From: Eugene Teo <eugene () redhat com>
Date: Tue, 30 Nov 2010 13:12:50 +0800
handle_gdt_ldt_mapping_fault() is intended to deal with indirect accesses (i.e. those caused by descriptor loads) to the GDT/LDT mapping area only. While for 32-bit segment limits indeed prevent the function being entered for direct accesses (i.e. a #GP fault will be raised even before the address translation gets done, on 64-bit even user mode accesses would lead to control reaching the BUG_ON() at the beginning of that function.
http://lists.xensource.com/archives/html/xen-devel/2010-11/msg01650.html https://bugzilla.redhat.com/show_bug.cgi?id=658155 Thanks, Eugene
Current thread:
- CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Eugene Teo (Nov 29)
- Re: CVE request: xen: x86-64: don't crash Xen upon direct pv guest access Josh Bressers (Nov 30)