none (yet) assigned
http://xenbits.xen.org/xsa/advisory-99.html
unexpected pitfall in xenaccess API
A test/example program, for exercising the Xen memaccess API, does not take all necessary precautions against hostile guest behaviour.
When calling the Xen memaccess API (a helper API that is not used by default), there are some previously unnoticed vulnerabilities.
api abuse
http://xenbits.xen.org/xsa/xsa99.patch
tests/xen-access: Use helper API to setup ring and enable mem_access Prior to this patch, xen-access was setting up the ring page in a way that would give a malicious guest a window to write into the shared ring page. This patch fixes this by using the helper API that does it safely on behalf of xen-access.
Deployments of software inspired by, or derived from, xen.git/tools/tests/xen-access/xen-access.c, may be vulnerable to privilege escalation by a malicious guest administrator.
xen-access is a test/example program and is not, without modification, useful in production. It is not built or installed by default.
privilege escalation
not by default