Red Hat Bugzilla – Bug 221387
HVM bug: MOVS/OUTS/INS crossing pages
Last modified: 2007-11-30 17:07:39 EST
When doing movs/outs/ins backwards (df == 1) and the start position crosses a
page boundary, the hypervisor may read/write the wrong location inside the HVM
guest. This presents a memory protection failure inside the HVM which may be
used for privilege elevation inside the guest.
The upstream changeset that fixes this includes a general clean-up. So we'll
need to redo the fix minimally for RHEL5.
What _is_ the upstream cset for this?
date: Wed Oct 18 15:13:41 2006 +0100
summary: [HVM] MMIO/PIO fixes and cleanups.
Xen 3.1.0 went into RHEL 5.1 recently.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.