[XSA-42] Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.

Severity Medium
CVEs 1

ISSUE DESCRIPTION

The Linux kernel, when returning from an iret, assumes that the %ds segment is
safe and uses it to reference various per-cpu fields. Unfortunately an
unprivileged user can modify the LDT and provide a NULL one. Whenever an iret
is executed we end up in xen_iret, try to use the %ds segment and cause a
general protection fault.

IMPACT

Malicious or buggy unprivileged user space can cause the guest kernel to
crash, or permit a privilege escalation within the guest, or operate
erroneously.

VULNERABLE SYSTEMS

All 32-bit PVOPS versions of Linux are affected, since the introduction
of Xen PVOPS support in 2.6.23. Classic-Xen kernels are not vulnerable.

Source       ID      Name                      URL
Xen Project  XSA-42  Security Advisory         http://xenbits.xen.org/xsa/advisory-42.html
Xen Project  XSA-42  Signed Security Advisory  http://xenbits.xen.org/xsa/advisory-42.txt