CWE: 20

CVE-2011-1780: Input Validation

First published: Fri May 06 2011

A bug was found in the way Xen handles instruction emulation during VM exits. A malicious guest user-space process running in an SMP guest can trick the emulator into reading a different instruction than the one that caused the VM exit. To do so, it runs a legitimate instruction that causes a VM exit in one thread and replaces this instruction with another one from a second thread. An unprivileged guest user can potentially use this flaw to crash the host.

-------------------------------------------------------------

Original name: xen: svvp Disable Enable With IO will reboot the host which CPU is AMD

Description of problem:
svvp Disable Enable With IO will reboot the host. svvp "Disable Enable with IO"'s child job "Driver Verifier -Enable"'s child job "Reboot System Under Test" should only reboot the guest, but when the guest prepares to enter the desktop after reboot, the host (SUT) will reboot.

Version-Release number of selected component (if applicable):
xen-3.0.3-129.el5
kernel-xen-2.6.18-257.el5
xenpv-win-1.3.4-9.el5

How reproducible: 100%

Steps to Reproduce:
1. run the Disable Enable With IO
2.
3.

Actual results: host will reboot

Expected results: host should not reboot

Additional info: Sometimes the guest does not even run the disable and enable jobs; the host will reboot when I reboot the guest which ran the disable and enable job once.

Credit: secalert@redhat.com

Affected Software | Affected Version | How to fix
Xen Xen | =3.0.3 |
