pool/xen
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
xen/CVE-2013-4554-xsa76.patch
Charles Arnold a11c33863f - Upstream patches from Jan 
5281fad4-numa-sched-leave-node-affinity-alone-if-not-in-auto-mode.patch
  52820823-nested-SVM-adjust-guest-handling-of-structure-mappings.patch
  52820863-VMX-don-t-crash-processing-d-debug-key.patch
  5282492f-x86-eliminate-has_arch_mmios.patch
  52864df2-credit-Update-other-parameters-when-setting-tslice_ms.patch
  52864f30-fix-leaking-of-v-cpu_affinity_saved-on-domain-destruction.patch
  5289d225-nested-VMX-don-t-ignore-mapping-errors.patch
  528a0eb0-x86-consider-modules-when-cutting-off-memory.patch
  528f606c-x86-hvm-reset-TSC-to-0-after-domain-resume-from-S3.patch
  528f609c-x86-crash-disable-the-watchdog-NMIs-on-the-crashing-cpu.patch
  52932418-x86-xsave-fix-nonlazy-state-handling.patch

- Add missing requires to pciutils package for xend-tools

- bnc#851749 - Xen service file does not call xend properly
  xend.service 

- bnc#851386 - VUL-0: xen: XSA-78: Insufficient TLB flushing in
  VT-d (iommu) code
  528a0e5b-TLB-flushing-in-dma_pte_clear_one.patch

- bnc#849667 - VUL-0: xen: XSA-74: Lock order reversal between
  page_alloc_lock and mm_rwlock
  CVE-2013-4553-xsa74.patch
- bnc#849665 - VUL-0: CVE-2013-4551: xen: XSA-75: Host crash due to
  guest VMX instruction execution
  52809208-nested-VMX-VMLANUCH-VMRESUME-emulation-must-check-permission-1st.patch
- bnc#849668 - VUL-0: xen: XSA-76: Hypercalls exposed to privilege
  rings 1 and 2 of HVM guests

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=279
2013-11-26 20:18:36 +00:00

23 lines
650 B
Diff
Raw Blame History

References: bnc#849668 CVE-2013-4554 XSA-76
x86/HVM: only allow ring 0 guest code to make hypercalls
Anything else would allow for privilege escalation.
This is CVE-2013-4554 / XSA-76.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3345,7 +3345,7 @@ int hvm_do_hypercall(struct cpu_user_reg
case 4:
case 2:
hvm_get_segment_register(curr, x86_seg_ss, &sreg);
- if ( unlikely(sreg.attr.fields.dpl == 3) )
+ if ( unlikely(sreg.attr.fields.dpl) )
{
default:
regs->eax = -EPERM;
Reference in New Issue View Git Blame Copy Permalink