Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 19 Dec 2016 11:34:56 -0500
From: <cve-assign@...re.org>
To: <security@....org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: Xen Security Advisory 204 - x86: Mishandling of SYSCALL singlestep during emulation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>                     Xen Security Advisory XSA-204

> Xen wrongly raised the exception based on the flags at the start of
> the instruction.

> Guest userspace which can invoke the instruction emulator can use this
> flaw to escalate its privilege to that of the guest kernel.

> A 64-bit guest kernel which uses an IST for #DB handling will most likely
> mitigate the issue, but will have a single unexpected #DB exception
> frame to deal with. This in practice means that Linux is not
> vulnerable.

Use CVE-2016-10013.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYWAvbAAoJEHb/MwWLVhi2rVQP/jbDygsBkkatt/w7GbxvpCjr
IoSo+krkGda29Dgi4pMAcP8zG3KgRso4tJ48z+Jn30+EpO3zgQSLcCfEaB6Vfbcp
zZ1wrer8KTvm5ZcV01vncEO/FVvyXX2KZ6h7XuVakOXCRE1+YEPuvdqdc6UyH7aD
mctdIVrR6jDzpsLDT6uZM6ahcCwRp6VDmxz0r4195RygOWqkmsVPmM9Q6F/VyG4A
KxBAUFIHUYHdu9Hy/s6U3+M8ugzvpeKKkkBuUcDrFvKu/gfeyFisDlG7GgUtFvp0
DRKHzxrE20UQjU7VJBXpfvkSaorWp9IlhsnrXyIJNyTxb1N3UtkYrDJpxXRlar7y
Jj/cVdPT7apIWDIRmRxLWqWrvB2dlx+j3NP3z+wETaKBrLNKj8Aq2h/013VR4CZm
QMvNQEYhKr+/AdGiVTDeUBsyqAlpp1aXhrvka4Bz1Ws9BAfTdjivGuOn6ab+Zm2U
foecT2t7ktS927yD4uAtE/dFqNrGHORFt4Kr6A+akqYMwxmuaItpctsqMTecB09p
vXFAnYk4leKzqd5QkDmqqIilTDAhdN9M0K0SJUebiJgRmhxqU0fhrA4I5jzofggh
yoKuStjvt0mM3+UQngv56ohPpCjvMxsbPwl8nN8yhwJUx/ncmpWRm74+wece5SuD
agwy+ENLZv0fk0rv5BKv
=KJsh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ