XSA-105

CVE-2014-7155


Problem description

http://xenbits.xen.org/xsa/advisory-105.html

Missing privilege level checks in x86 HLT, LGDT, LIDT, and LMSW emulation

The emulation of the instructions HLT, LGDT, LIDT, and LMSW fails to perform supervisor mode permission checks.

Missing permission check


Patch description

http://xenbits.xen.org/xsa/xsa105.patch

x86/emulate: check cpl for all privileged instructions

Without this, it is possible for userspace to load its own IDT or GDT.

Check the CPL.
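
The effect of the missing check, and of adding it, shown in a toy emulator model. This is an added example, not Xen's code or the patch itself; the struct, enum and function names are hypothetical, the descriptor values are constructed, and protected mode is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not Xen code: every name below is hypothetical. */
enum insn { INSN_HLT, INSN_LGDT, INSN_LIDT, INSN_LMSW };
enum emu_result { EMU_OK, EMU_GP_FAULT };  /* EMU_GP_FAULT: inject #GP(0) */

struct dtr { uint64_t base; uint16_t limit; };
struct vcpu {
    unsigned cpl;             /* current privilege level: 0 kernel, 3 user */
    struct dtr gdtr, idtr;
    uint64_t cr0;
    bool halted;
};

/* Emulate one privileged instruction. check_cpl == false models the
 * missing-check behaviour; check_cpl == true models the hardened one. */
enum emu_result emulate_priv(struct vcpu *v, enum insn i,
                             const struct dtr *desc, uint16_t msw,
                             bool check_cpl)
{
    /* All four instructions are ring-0 only in protected mode, so the
     * check must run before any guest state is modified. */
    if (check_cpl && v->cpl != 0)
        return EMU_GP_FAULT;

    switch (i) {
    case INSN_HLT:  v->halted = true; break;
    case INSN_LGDT: v->gdtr = *desc;  break;
    case INSN_LIDT: v->idtr = *desc;  break;
    case INSN_LMSW: /* loads CR0 bits 0-3; PE can be set but not cleared */
        v->cr0 = (v->cr0 & ~0xeULL) | (msw & 0xf);
        break;
    }
    return EMU_OK;
}

/* True if an LIDT issued at the given CPL replaced the guest IDTR. */
bool lidt_takes_effect(unsigned cpl, bool check_cpl)
{
    struct vcpu v = { .cpl = cpl, .idtr = { 0x1000, 0xfff }, .cr0 = 0x80000011 };
    struct dtr new_idt = { 0xdead0000, 0xff };  /* constructed sample value */
    enum emu_result r = emulate_priv(&v, INSN_LIDT, &new_idt, 0, check_cpl);
    return r == EMU_OK && v.idtr.base == new_idt.base;
}

int main(void)
{
    printf("CPL 3, no check: IDTR replaced = %d\n", lidt_takes_effect(3, false));
    printf("CPL 3, checked:  IDTR replaced = %d\n", lidt_takes_effect(3, true));
    printf("CPL 0, checked:  IDTR replaced = %d\n", lidt_takes_effect(0, true));
    return 0;
}
```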


Consequence

Malicious HVM guest user mode code may be able to crash the guest or escalate its own privilege to guest kernel mode.

DoS, privilege escalation