Vigil@nce - Xen: write access on ARM
June 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can bypass access restrictions on ARM in Xen, in
order to alter data of another guest system.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 04/06/2014
DESCRIPTION OF THE VULNERABILITY
In Xen, the code that copies the memory of ARM guest systems is
spread across several files:
xen/arch/arm/domain_build.c
xen/arch/arm/guestcopy.c
xen/arch/arm/kernel.c
xen/arch/arm/traps.c
xen/arch/arm/p2m.c
However, some functions in these files do not check whether the
destination address is writable.
A local attacker can therefore bypass access restrictions on ARM
in Xen, in order to alter data of another guest system.
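A simplified model of the missing check described above, added here as an illustration; it is not Xen code and does not come from the bulletin. The guest structure, permission flags and function names are hypothetical: the copy helper takes the permission it demands of each destination page, so a variant that only requires a mapping can be compared with one that also requires write permission.

```c
/* Simplified model, not Xen code: every name here is hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PAGE_SIZE 4096u
#define NPAGES    4u
#define P_VALID   0x1u   /* page is mapped */
#define P_WRITE   0x2u   /* page may be written */

/* Toy guest address space: one permission word per page (constructed). */
struct guest {
    uint8_t  mem[NPAGES * PAGE_SIZE];
    unsigned perm[NPAGES];
};

/* Translate a guest address for the requested access; NULL if not permitted. */
static uint8_t *translate(struct guest *g, size_t gaddr, unsigned need)
{
    size_t pfn = gaddr / PAGE_SIZE;
    if (pfn >= NPAGES || (g->perm[pfn] & need) != need)
        return NULL;
    return &g->mem[gaddr];
}

/* Copy into guest memory page by page; `need` is the permission demanded of
 * each destination page. Returns the number of bytes NOT copied (0 = done). */
static size_t copy_to_guest(struct guest *g, size_t gaddr,
                            const void *src, size_t len, unsigned need)
{
    const uint8_t *s = src;
    while (len) {
        size_t chunk = PAGE_SIZE - (gaddr % PAGE_SIZE);
        if (chunk > len) chunk = len;
        uint8_t *dst = translate(g, gaddr, need);
        if (!dst)
            return len;          /* stop at the first page that fails */
        memcpy(dst, s, chunk);
        gaddr += chunk; s += chunk; len -= chunk;
    }
    return 0;
}

/* Flawed variant: only requires the destination to be mapped. */
size_t copy_unchecked(struct guest *g, size_t a, const void *s, size_t n)
{ return copy_to_guest(g, a, s, n, P_VALID); }

/* Corrected variant: the destination must also be writable. */
size_t copy_checked(struct guest *g, size_t a, const void *s, size_t n)
{ return copy_to_guest(g, a, s, n, P_VALID | P_WRITE); }
```

Because the permission is tested per page, a copy that starts in a writable page and runs into a read-only one stops at the boundary in the corrected variant.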
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-write-access-on-ARM-14842