OSVDB ID: 85197

Title: Xen DR7 Debug Control Register Write Handling set_debugreg Hypercall Parsing Local DoS

Info

Disclosure
Sep 05, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Sep 05, 2012

Description

 Xen contains a flaw that may allow a local denial of service. The issue is triggered when the set_debugreg hypercall allows writing to reserved bits of the DR7 debug control register. This will result in loss of availability for the program.

Classification

 Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Citrix Systems, Inc.

Xen

 4.0
4.1
4.2

XenServer

 5.0
5.0 Update 3
5.6
5.6 FP 1
5.6 SP 2
6.0
6.0.2

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/85197