oss-sec mailing list archives

Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM

From: Ian Jackson <Ian.Jackson () eu citrix com>
Date: Wed, 4 Jun 2014 17:05:01 +0100

cve-assign () mitre org writes ("Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory 
on ARM"):
...

When accessing guest memory Xen does not correctly perform permissions
checks on the (possibly guest provided) virtual address ... This
allows a guest to write to memory which it should only be able to
read.

In the event that a guest executes code from a page which has been
shared read-only with another guest it would be possible to mount a
take over attack on that guest.


Use CVE-2014-3969.


Thanks.  I have sent out updated versions of XSA-96 and -98.

Our understanding is that "executes code from a page which has been
shared read-only" depends on the permissions issue (lack of a check
for execute permission), and is not an independent problem.


That is correct.

Thanks,
Ian.

Current thread:

Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Xen . org security team (Jun 04)
- Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM cve-assign (Jun 04)
  - Re: Xen Security Advisory 98 - insufficient permissions checks accessing guest memory on ARM Ian Jackson (Jun 04)