FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-kernel -- broken check in memory_exchange() permits PV guest breakout

Affected packages
xen-kernel < 4.7.2_1

Details

VuXML ID 90becf7c-1acf-11e7-970f-002590263bf5
Discovery 2017-04-04
Entry 2017-04-06

The Xen Project reports:

The XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.

A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing for all of privilege escalation, host crashes, and information leaks.

References

CVE Name CVE-2017-7228
URL https://xenbits.xen.org/xsa/advisory-212.html