Woops, thanks!

In addition, the CVE explanation by MITRE[1] is wrong. It mentions: "The
PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local
32-bit PV guest OS administrators to gain host OS privileges by
leveraging fast-paths for updating pagetable entries."

However, 64-bit PV guests seem to be vulnerable to the same bug, as I
confirmed yesterday by executing the PoC[2] by Quarkslab[3] in a 64-bit
guest. By putting a patched kernel on the dom0, the PoC said it was no
longer vulnerable.

I dropped the patch[4] in debian/patches, made reference to it in
debian/patches/series and started a build of the
xen-hypervisor-4.4-amd64 package.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6258
[2] http://blog.quarkslab.com/resources/2016-08-04-xen_exploitation_part_3_xsa_148/xsa-182-poc.tar.gz
[3] http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html
[4] http://xenbits.xen.org/xsa/advisory-182.html

Hope this helps anyone!

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1606847

Title:
  xsa-182 / CVE-2016-6258

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1606847/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

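The staging procedure the message above describes (drop the advisory patch into debian/patches, register it in debian/patches/series, then build) as an added shell example; this is not code from the bug report, from Launchpad or from the Debian xen packaging. The work directory, the stand-in source tree and the tiny `xsa182.patch` are all constructed for the example (the real fix is the one at [4]); the one thing the example adds to the message is a `patch --dry-run` check so that a patch written for a newer Xen release is found not to apply before the build is started.

```shell
#!/bin/sh
# Added example: stage an upstream security patch into a Debian source
# package by copying it into debian/patches/, appending it to series, and
# checking with a dry run that it applies.  All paths and the demo patch
# below are constructed for this example.
set -eu

# add_series_patch SRCDIR PATCHFILE
#   SRCDIR is the unpacked source package (the directory holding debian/).
#   Copies PATCHFILE into SRCDIR/debian/patches, appends its basename to
#   debian/patches/series unless it is already listed, and dry-runs the
#   patch so a backport that no longer applies fails here, not in the build.
add_series_patch() {
    srcdir=$1
    patchfile=$2
    name=$(basename "$patchfile")
    series="$srcdir/debian/patches/series"

    mkdir -p "$srcdir/debian/patches"
    touch "$series"
    cp "$patchfile" "$srcdir/debian/patches/$name"

    # series holds one patch name per line, applied top to bottom; only add
    # the name when it is missing so re-running this is harmless.
    if ! grep -qx "$name" "$series"; then
        printf '%s\n' "$name" >> "$series"
    fi

    # quilt applies series entries with -p1 from the source root, so the
    # a/ and b/ prefixes in the patch must map onto real files under SRCDIR.
    # Skipped when patch(1) is not installed; otherwise a non-applying patch
    # makes this function (and, under set -e, the script) fail.
    if command -v patch >/dev/null 2>&1; then
        (cd "$srcdir" && patch -p1 --dry-run -s < "debian/patches/$name")
    fi
}

# series_has NAME SRCDIR : succeeds if NAME is registered in series.
series_has() {
    grep -qx "$1" "$2/debian/patches/series"
}

# demo_setup WORKDIR : builds a constructed stand-in for the source package
# (one file at xen/arch/x86/mm.c) and a constructed one-line patch for it.
demo_setup() {
    work=$1
    rm -rf "$work"
    mkdir -p "$work/src/xen/arch/x86" "$work/patches"
    printf 'int fast_path = 1;\n' > "$work/src/xen/arch/x86/mm.c"
    cat > "$work/patches/xsa182.patch" <<'EOF'
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -1 +1 @@
-int fast_path = 1;
+int fast_path = 0;
EOF
}

# Usage: stage the constructed patch, then show the resulting series file.
demo=${TMPDIR:-/tmp}/xsa-series-demo
demo_setup "$demo"
add_series_patch "$demo/src" "$demo/patches/xsa182.patch"
cat "$demo/src/debian/patches/series"
```

After this the normal build (`dpkg-buildpackage` or `debuild`) picks the patch up through quilt; if the dry run reports a failed hunk, the patch needs a manual backport to the packaged release before anything is built.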