ISSUE DESCRIPTION
=================

Along with their main kernel binary, unprivileged guests may arrange to have their Xen environment load (kernel) symbol tables for their use. The ELF image metadata created for this purpose has a few unused bytes when the symbol table binary is in 32-bit ELF format. These unused bytes were not properly cleared during symbol table loading.

IMPACT
======

A malicious unprivileged guest may be able to obtain sensitive information from the host.

The information leak is small and not under the control of the guest, so effectively exploiting this vulnerability is probably difficult.

VULNERABLE SYSTEMS
==================

Only Xen version 4.7 is affected. Xen versions 4.6 and earlier are not affected.

The vulnerability is not exposed to x86 HVM guests, unless the host toolstack has been configured to load the guest with a non-default loader, rather than hvmloader.

MITIGATION
==========

There is no known mitigation.

External References:

http://xenbits.xen.org/xsa/advisory-194.html

Acknowledgements:

Name: the Xen project
Upstream: Roger Pau Monné (Citrix)
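The bug class described above, as an added example that is not Xen's code: a metadata slot sized for the larger 64-bit ELF header receives a 32-bit header, and the tail stays uncleared unless the slot is zeroed first. The struct, the function names and the 0xAA "stale memory" fill are hypothetical and constructed; that the unused bytes come from the 52-byte versus 64-byte header size difference is an assumption, since the advisory text does not say where they sit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EHDR32_SIZE 52u  /* sizeof(Elf32_Ehdr) per the ELF specification */
#define EHDR64_SIZE 64u  /* sizeof(Elf64_Ehdr) per the ELF specification */
#define STALE 0xAAu      /* constructed stand-in for leftover host memory */

/* Hypothetical metadata slot, sized for the larger (64-bit) header. */
struct sym_meta { uint8_t ehdr[EHDR64_SIZE]; };

/* Before: only the bytes the 32-bit header occupies are written. */
static void build_meta_leaky(struct sym_meta *m, const uint8_t *hdr, size_t len)
{
    memcpy(m->ehdr, hdr, len);
}

/* After: clear the whole slot first, then fill in the header. */
static void build_meta_cleared(struct sym_meta *m, const uint8_t *hdr, size_t len)
{
    memset(m, 0, sizeof(*m));
    memcpy(m->ehdr, hdr, len);
}

/* Build metadata in a slot pre-filled with the stale pattern and return
 * how many stale bytes remain after the header, i.e. what a later copy
 * of the full slot into guest memory would disclose. */
static size_t leaked_bytes(int cleared)
{
    uint8_t hdr32[EHDR32_SIZE] = { 0x7f, 'E', 'L', 'F', 1 /* ELFCLASS32 */ };
    struct sym_meta m;
    size_t n = 0;

    memset(&m, STALE, sizeof(m));   /* simulate reused, uncleared memory */
    if (cleared)
        build_meta_cleared(&m, hdr32, sizeof(hdr32));
    else
        build_meta_leaky(&m, hdr32, sizeof(hdr32));
    for (size_t i = sizeof(hdr32); i < sizeof(m.ehdr); i++)
        n += (m.ehdr[i] == STALE);
    return n;
}

int main(void)
{
    printf("uncleared slot: %zu stale bytes\n", leaked_bytes(0));
    printf("cleared slot:   %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```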
Created attachment 1218534
xen-unstable, Xen 4.7.x
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1397383]