The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
https://xenbits.xen.org/xsa/advisory-220.html | mailing list vendor advisory mitigation |
https://security.gentoo.org/glsa/201708-03 | vendor advisory |
http://www.debian.org/security/2017/dsa-3969 | vendor advisory |
http://www.securitytracker.com/id/1038730 | vdb entry |
http://www.securityfocus.com/bid/99167 | vdb entry |