CVE-2011-1166
Host crash due to failure to correctly validate PV kernel execution state
Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
lack of check (execution state)
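The check the fix introduces, modelled in C as an added example (this is not Xen's code and not the patch itself). The page references, GDT handling, the `guest_context`/`vcpu_state` structures and the bit value of `VGCF_in_kernel` are constructed stand-ins; the point is that a 64-bit PV vCPU context with `VGCF_in_kernel` clear and no user-mode cr3 must be rejected up front, and that the rejection path must leave reference counts balanced. The example goes beyond the single case in the description by also exercising a kernel-mode-only context, a valid user-mode context and an invalid user-mode cr3:

```c
/* Added example, not Xen code: a model of the execution-state check that
 * arch_set_info_guest() lacked (CVE-2011-1166). Reference counting, the
 * GDT and the vcpu state are constructed stand-ins; the VGCF_in_kernel
 * bit position is assumed, not taken from Xen's headers. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define VGCF_in_kernel (1u << 2)   /* assumed bit position */
#define EINVAL         22
#define NR_PAGES       8

/* Stand-in for the hypervisor's per-page reference counting. */
static int page_refcount[NR_PAGES];

static bool mfn_valid(uint64_t mfn) { return mfn < NR_PAGES; }

static bool get_page(uint64_t mfn)
{
    if (!mfn_valid(mfn))
        return false;
    page_refcount[mfn]++;
    return true;
}

static void put_page(uint64_t mfn) { page_refcount[mfn]--; }

static int refcount_of(uint64_t mfn) { return mfn_valid(mfn) ? page_refcount[mfn] : -1; }

/* The parts of a PV guest context this check cares about: ctrlreg[3] is the
 * kernel cr3, ctrlreg[1] the user-mode cr3 (0 means none supplied). */
struct guest_context {
    uint32_t flags;
    uint64_t ctrlreg[8];
};

/* Per-vcpu state the hypervisor builds from the context. */
struct vcpu_state {
    bool     gdt_built;
    bool     have_kernel_table;
    bool     have_user_table;
    uint64_t guest_table;        /* kernel-mode page table */
    uint64_t guest_table_user;   /* user-mode page table, if any */
};

static void destroy_gdt(struct vcpu_state *v) { v->gdt_built = false; }

/* Common prefix: build the GDT and take a reference on the kernel table. */
static int take_kernel_table(struct vcpu_state *v, const struct guest_context *c)
{
    memset(v, 0, sizeof *v);
    v->gdt_built = true;
    if (!get_page(c->ctrlreg[3])) {
        destroy_gdt(v);
        return -EINVAL;
    }
    v->guest_table = c->ctrlreg[3];
    v->have_kernel_table = true;
    return 0;
}

static int take_user_table(struct vcpu_state *v, const struct guest_context *c)
{
    if (!get_page(c->ctrlreg[1])) {
        /* Error exit for a bad user cr3: drop what was already taken. */
        put_page(v->guest_table);
        v->have_kernel_table = false;
        destroy_gdt(v);
        return -EINVAL;
    }
    v->guest_table_user = c->ctrlreg[1];
    v->have_user_table = true;
    return 0;
}

/* Before the fix: a context that starts in user mode without a user page
 * table is accepted, so the first switch into user mode has no user-mode
 * pagetables to run on (the host crash the CVE describes). */
static int set_info_guest_vulnerable(struct vcpu_state *v, const struct guest_context *c)
{
    int rc = take_kernel_table(v, c);
    if (rc)
        return rc;
    if (c->ctrlreg[1])
        return take_user_table(v, c);
    return 0;
}

/* After the fix: user-mode entry without a user page table is rejected.
 * This model also releases the kernel table reference on that path (an
 * assumption about complete cleanup made for this example). */
static int set_info_guest_fixed(struct vcpu_state *v, const struct guest_context *c)
{
    int rc = take_kernel_table(v, c);
    if (rc)
        return rc;
    if (c->ctrlreg[1])
        return take_user_table(v, c);
    if (!(c->flags & VGCF_in_kernel)) {
        put_page(v->guest_table);
        v->have_kernel_table = false;
        destroy_gdt(v);
        return -EINVAL;
    }
    return 0;
}

/* True only if a later switch into user mode would have a table to use. */
static bool user_mode_entry_safe(const struct vcpu_state *v)
{
    return v->gdt_built && v->have_user_table;
}

static void release_vcpu(struct vcpu_state *v)
{
    if (v->have_user_table)   put_page(v->guest_table_user);
    if (v->have_kernel_table) put_page(v->guest_table);
    memset(v, 0, sizeof *v);
}
```

Run `set_info_guest_vulnerable` and `set_info_guest_fixed` on the same context (`flags` without `VGCF_in_kernel`, `ctrlreg[1] == 0`): the first accepts a state that `user_mode_entry_safe` reports as unusable, the second returns `-EINVAL` with every reference dropped. The `refcount_of` helper exists so that a caller can verify that both accepting and rejecting paths leave the counts balanced.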
http://xenbits.xen.org/hg/xen-4.1-testing.hg/rev/842aed720b84
x86_64: fix error checking in arch_set_info_guest()
--- a/xen/arch/x86/domain.c Sat Mar 12 13:25:44 2011 +0000
+++ b/xen/arch/x86/domain.c Mon Mar 14 17:00:34 2011 +0000
@@ -826,6 +826,11 @@ int arch_set_info_guest(
v->arch.guest_table_user = pagetable_from_pfn(cr3_pfn);
}
+ else if ( !(flags & VGCF_in_kernel) )
+ {
+ destroy_gdt(v);
+ return -EINVAL;
+ }
}
else
{
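Review bot: the new else-if branch exits with only destroy_gdt(v) and return -EINVAL; since v->arch.guest_table_user is assigned just above in the sibling branch, a kernel-mode table has already been established for this vcpu by the time this check runs, so confirm that nothing taken for it earlier in this function (a page reference in particular) needs releasing on this path as well, and make this exit consistent with the other error exits in the same block. A one-line comment on the branch would also help readers: a 64-bit PV vCPU entering with VGCF_in_kernel clear has no user-mode pagetable to run on, which is the host crash this change prevents.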
DoS