ISSUE DESCRIPTION ================= Emulation routines in the hypervisor dealing with certain system devices check whether the access size by the guest is a supported one. When the access size is unsupported these routines failed to set the data to be returned to the guest for read accesses, so that hypervisor stack contents are copied into the destination of the operation, thus becoming visible to the guest. IMPACT ====== A malicious HVM guest might be able to read sensitive data relating to other guests. VULNERABLE SYSTEMS ================== Xen 3.2.x and later are vulnerable. Xen 3.1.x and earlier have not been inspected. Only HVM guests can take advantage of this vulnerability. Only x86 systems are vulnerable. ARM systems are not vulnerable. MITIGATION ========== Running only PV guests will avoid this issue.
Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
Created attachment 994404 [details] XSA-121 upstream patch for CVE-2015-2044
Statement: Not vulnerable. This issue does not affect the Xen hypervisor as shipped with Red Hat Enterprise Linux 5.
External References: http://xenbits.xen.org/xsa/advisory-121.html