oss-sec mailing list archives
Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM
From: Ian Jackson <Ian.Jackson () eu citrix com>
Date: Wed, 4 Jun 2014 17:05:01 +0100
cve-assign () mitre org writes ("Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM"): ...
When accessing guest memory Xen does not correctly perform permissions checks on the (possibly guest provided) virtual address ... This allows a guest to write to memory which it should only be able to read. In the event that a guest executes code from a page which has been shared read-only with another guest it would be possible to mount a take over attack on that guest. Use CVE-2014-3969.
Thanks. I have sent out updated versions of XSA-96 and -98.
Our understanding is that "executes code from a page which has been shared read-only" depends on the permissions issue (lack of a check for execute permission), and is not an independent problem.
That is correct. Thanks, Ian.