[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Xen VM Escape
From: Alan Hikerell <hikerell () gmail ! com>
Date: 2015-10-29 15:39:39
Message-ID: CAHXf_9MOEHgLOjcASX_GSmA53benPrLRF1MC48y+ZU5Kx4TsnA () mail ! gmail ! com
[Download RAW message or body]
Xen XSA-148(http://xenbits.xen.org/xsa/advisory-148.html) is the real VM
Escape Vulnerability
XSA-148 is public just now and it's a memory management logic vulnerability
obviously.
The bulletin means that a micious PV DomU could enable PS/RW flag of its
PDE to read/write the 2M page.
So, if a attacker prepare a page table at the 2M page, he could use the
vulnerability to modify the PT.
Finally, this vulnerability changes to a arbitrary machine memory
read/write vulnerability.
--
hikerell
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic