xen-kernel -- x86 HVM: Overflow of sh_ctxt->seg_reg[]

ID 4AAE54BE-BA4D-11E6-AE1B-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-09-08T00:00:00


The Xen Project reports:

x86 HVM guests running with shadow paging use a subset of the x86 emulator to handle the guest writing to its own pagetables. There are situations a guest can provoke which result in exceeding the space allocated for internal state. A malicious HVM guest administrator can cause Xen to fail a bug check, causing a denial of service to the host.