A flaw was found in the way xen_iret() used userspace alterable %ds. An unprivileged local guest user in the 32-bit PV Xen domain could use this flaw to crash the guest or, potentially, escalate their privileges.
This issue was discovered by Andrew Jones of Red Hat.
This issue did affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 6.
This issue did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
Public now via:
Created kernel tracking bugs for this issue
Affects: fedora-all [bug 910848]
Queued up for Linus' tree here:
kernel-3.7.9-101.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:0630 https://rhn.redhat.com/errata/RHSA-2013-0630.html