Vigil@nce - Xen: information disclosure during arithmetic operations
June 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Xen is installed on AMD processors Family 15 (or greater), an
attacker located in a guest system can obtain information during
arithmetic operations.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 04/06/2013
DESCRIPTION OF THE VULNERABILITY
The Floating Point Unit (FPU, x87) is used during floating point
arithmetic operations. The FPU contains 3 debug registers: FOP,
FIP and FDP. The FSAVE/FRSTOR or FXSAVE/FXRSTOR instructions save
and restore these registers. The support is enabled via the
"xsave" option.
The xrstor() function of the xen/arch/x86/i387.c file does not
handle the case of AMD processors, which require these registers to
be erased. A guest system can therefore access the content of the
FOP, FIP and FDP registers of another domain.
When Xen is installed on AMD processors Family 15 (or greater), an
attacker located in a guest system can therefore obtain
information during arithmetic operations.
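A small C model of the restore path described above, added here as an illustration and not taken from Xen's source or from the bulletin. It assumes the documented AMD behaviour that the restore instruction reloads FOP, FIP and FDP only when the exception-summary bit of the saved status word is set; every name and value in it is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FSW_ES 0x0080u /* x87 status word: exception-summary bit */

/* The three x87 registers named in the bulletin. */
struct x87_ptrs { uint16_t fop; uint64_t fip, fdp; };
/* Constructed stand-in for one domain's saved FPU image. */
struct fpu_image { uint16_t fsw; struct x87_ptrs p; };

static struct x87_ptrs hw; /* simulated physical FPU, shared by all domains */

/* Model of the restore instruction on the affected CPUs (assumption stated
 * in the lead-in): pointers are reloaded only if an exception is pending. */
static void model_restore(const struct fpu_image *img)
{
    if (img->fsw & FSW_ES)
        hw = img->p;
}

/* Restore path without the AMD special case, as the bulletin describes. */
static void restore_unpatched(const struct fpu_image *img) { model_restore(img); }

/* Restore path with the special case: erase the registers first whenever
 * the instruction is about to skip them. Real code does this with a few x87
 * instructions; the model simply zeroes the simulated registers. */
static void restore_hardened(const struct fpu_image *img)
{
    if (!(img->fsw & FSW_ES))
        memset(&hw, 0, sizeof hw);
    model_restore(img);
}

/* FIP that domain B can read after being scheduled behind domain A. */
static uint64_t fip_seen_by_b(void (*restore)(const struct fpu_image *))
{
    struct fpu_image b = { 0, { 0, 0, 0 } }; /* B: no pending exception */
    hw = (struct x87_ptrs){ 0x1d8, 0x7f00deadbe00ULL, 0x7ffc00001000ULL }; /* left by A (constructed) */
    restore(&b);
    return hw.fip;
}

int main(void)
{
    printf("unpatched: B reads FIP=%#llx\n", (unsigned long long)fip_seen_by_b(restore_unpatched));
    printf("hardened:  B reads FIP=%#llx\n", (unsigned long long)fip_seen_by_b(restore_hardened));
    return 0;
}
```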
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-information-disclosure-during-arithmetic-operations-12901