Vigil@nce - Xen: memory corruption via Segment Override
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker in a guest system can generate a memory corruption
with a Segment Override of Xen, in order to trigger a denial of
service, and possibly to execute code on the host system.
– Impacted products: XenServer, Debian, Fedora, Unix (platform)
– Severity: 2/4
– Creation date: 10/03/2015
DESCRIPTION OF THE VULNERABILITY
The Xen product emulates x86 processors. An x86 instruction can
use a Segment Override. For example:
mov ax, [es:1234]
However, when a Segment Override prefix is encoded together with
certain operands, the emulator corrupts memory.
An attacker in a guest system can therefore generate a memory
corruption with a Segment Override of Xen, in order to trigger a
denial of service, and possibly to execute code on the host system.
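To make the decoding step concrete, here is an added example in C (not Xen's emulator code and not part of the Vigil@nce bulletin) of a minimal x86 legacy-prefix decoder that records a segment override and applies it only to memory operands, with a bounds guard before the override is used to select a segment register. The segment enumeration, the prefix table, the function names and the sample byte sequences are constructed for this illustration; the `26 A1 34 12` sequence is the 16-bit encoding of the bulletin's `mov ax, [es:1234]`, and `26 89 C3` is `mov bx, ax` carrying the same prefix on a register-only instruction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Segment register indices as a hypothetical emulator might store them (constructed). */
enum seg { SEG_ES = 0, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS, SEG_COUNT, SEG_NONE = -1 };

/* Map a legacy prefix byte to the segment it overrides; SEG_NONE if it is not an override. */
static int seg_override_from_prefix(uint8_t b) {
    switch (b) {
    case 0x26: return SEG_ES;
    case 0x2E: return SEG_CS;
    case 0x36: return SEG_SS;
    case 0x3E: return SEG_DS;
    case 0x64: return SEG_FS;
    case 0x65: return SEG_GS;
    default:   return SEG_NONE;
    }
}

/* Other legacy prefixes that are consumed but carry no segment information. */
static int is_other_legacy_prefix(uint8_t b) {
    return b == 0x66 || b == 0x67 || b == 0xF0 || b == 0xF2 || b == 0xF3;
}

struct decoded {
    int     seg_override;  /* SEG_NONE or the last override prefix seen */
    size_t  prefix_len;    /* number of prefix bytes consumed */
    uint8_t opcode;        /* first non-prefix byte */
};

/* Consume legacy prefixes and stop at the first non-prefix byte.
 * Returns -1 if the buffer ends before an opcode or the prefix run is too long. */
static int decode_prefixes(const uint8_t *code, size_t len, struct decoded *out) {
    size_t i = 0;
    out->seg_override = SEG_NONE;
    while (i < len) {
        int s = seg_override_from_prefix(code[i]);
        if (s == SEG_NONE && !is_other_legacy_prefix(code[i])) break;
        if (s != SEG_NONE) out->seg_override = s;   /* last override wins, as on hardware */
        if (++i > 14) return -1;                     /* 15-byte instruction limit: reject runaway prefixes */
    }
    if (i >= len) return -1;                         /* truncated: no opcode byte present */
    out->prefix_len = i;
    out->opcode = code[i];
    return 0;
}

/* Effective segment for an operand. An override may influence only the address
 * calculation of a memory operand; for a register operand it is ignored entirely,
 * and the value is range-checked before it is ever used as a table index. */
static int effective_segment(const struct decoded *d, int operand_is_memory, int default_seg) {
    if (!operand_is_memory) return default_seg;
    if (d->seg_override < SEG_ES || d->seg_override >= SEG_COUNT) return default_seg;
    return d->seg_override;
}

/* Constructed sample: 26 A1 34 12 = mov ax, [es:0x1234] in 16-bit mode (memory operand). */
int demo_memory_operand_seg(void) {
    const uint8_t code[] = { 0x26, 0xA1, 0x34, 0x12 };
    struct decoded d;
    if (decode_prefixes(code, sizeof code, &d) != 0) return -2;
    return effective_segment(&d, 1, SEG_DS);        /* expected: SEG_ES */
}

/* Constructed sample: 26 89 C3 = mov bx, ax with a stray ES override (register operands only). */
int demo_register_operand_seg(void) {
    const uint8_t code[] = { 0x26, 0x89, 0xC3 };
    struct decoded d;
    if (decode_prefixes(code, sizeof code, &d) != 0) return -2;
    return effective_segment(&d, 0, SEG_DS);        /* expected: SEG_DS, override ignored */
}

/* Constructed sample: a lone prefix byte with no opcode must be rejected, not decoded. */
int demo_truncated(void) {
    const uint8_t code[] = { 0x26 };
    struct decoded d;
    return decode_prefixes(code, sizeof code, &d);  /* expected: -1 */
}

int main(void) {
    printf("memory operand -> seg %d\n", demo_memory_operand_seg());
    printf("register operand -> seg %d\n", demo_register_operand_seg());
    printf("truncated -> %d\n", demo_truncated());
    return 0;
}
```

The property worth asserting in any emulator's test suite is the one the last two helpers check: a prefix that has no meaning for the instruction's operands must leave the decoder's state untouched, and a prefix run that never reaches an opcode must be rejected before any operand handling runs.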
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-memory-corruption-via-Segment-Override-16357