Описание
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
Отчет
Not vulnerable. This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 as we did not have support for sysenter for 64bit PV guests running on the Xen hypervisor (introduced in upstream changeset 16207:aeebd173c3fa). This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 5 | kernel-xen | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected |
Показывать по
Дополнительная информация
Статус:
5.7 Medium
CVSS2
Связанные уязвимости
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.
5.7 Medium
CVSS2