ISSUE DESCRIPTION
=================

The PV pagetable code has fast-paths for making updates to pre-existing pagetable entries, to skip expensive re-validation in safe cases (e.g. clearing only Access/Dirty bits). The bits considered safe were too broad, and not actually safe.

IMPACT
======

A malicious PV guest administrator can escalate their privilege to that of the host.

VULNERABLE SYSTEMS
==================

All versions of Xen are vulnerable.

The vulnerability is only exposed to PV guests on x86 hardware.

The vulnerability is not exposed to x86 HVM guests, or ARM guests.

MITIGATION
==========

Running only HVM guests will avoid this vulnerability.

External References:

http://xenbits.xen.org/xsa/advisory-182.html

Acknowledgements:

Name: the Xen project
Created attachment 1179130: Xen 4.5 patch
Created attachment 1179131: Xen 4.6 patch
Created attachment 1179132: xen-unstable patch
CVE-2016-6258 was assigned to this issue.
Created xen tracking bugs for this issue: Affects: fedora-all [bug 1360358]
xen-4.6.3-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.5.3-9.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.