Bug 2281956 (CVE-2023-46842, XSA-454) - CVE-2023-46842 xen: x86 HVM hypercalls may trigger Xen bug check
Summary: CVE-2023-46842 xen: x86 HVM hypercalls may trigger Xen bug check
Keywords:
Status: NEW
Alias: CVE-2023-46842, XSA-454
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2281957
Blocks:
Reported: 2024-05-20 17:35 UTC by Pedro Sampaio
Modified: 2024-05-20 17:35 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Pedro Sampaio 2024-05-20 17:35:15 UTC
Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and
other modes.  This in particular means that they may set registers used
to pass 32-bit-mode hypercall arguments to values outside of the range
32-bit code would be able to set them to.

When processing of hypercalls takes a considerable amount of time,
the hypervisor may choose to invoke a hypercall continuation.  Doing so
involves putting (perhaps updated) hypercall arguments in respective
registers.  For guests not running in 64-bit mode this further involves
a certain amount of translation of the values.

Unfortunately internal sanity checking of these translated values
assumes high halves of registers to always be clear when invoking a
hypercall.  When this is found not to be the case, it triggers a
consistency check in the hypervisor and causes a crash.

https://xenbits.xenproject.org/xsa/advisory-454.html
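The failure mode described above, as an added C model that is not part of the original report and is not Xen source code: a consistency check that assumes 32-bit-mode argument registers have clear upper halves, next to an entry-time normalisation that keeps the check valid. All names (`guest_regs`, `check_ok`, `clear_upper_halves`, `continuation_survives`) and register values are constructed for illustration, and clearing the upper halves on entry is shown here as an assumed mitigation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NARGS 2  /* constructed: number of modelled argument registers */

/* Simplified model, not Xen source: 64-bit registers carrying hypercall arguments. */
struct guest_regs { uint64_t arg[NARGS]; };

/* Modelled sanity check: for a caller outside 64-bit mode, each register is
 * expected to equal the 32-bit argument that was read from it. */
static bool check_ok(const struct guest_regs *r, const uint32_t *seen)
{
    for (unsigned i = 0; i < NARGS; i++)
        if (r->arg[i] != (uint64_t)seen[i])
            return false;   /* in the hypervisor this is where the bug check fires */
    return true;
}

/* Assumed mitigation: normalise registers on hypercall entry from 32-bit code. */
static void clear_upper_halves(struct guest_regs *r)
{
    for (unsigned i = 0; i < NARGS; i++)
        r->arg[i] = (uint32_t)r->arg[i];
}

/* Returns true if the modelled continuation is set up without tripping the check. */
static bool continuation_survives(struct guest_regs r, bool hardened)
{
    uint32_t seen[NARGS];

    if (hardened)
        clear_upper_halves(&r);
    for (unsigned i = 0; i < NARGS; i++)
        seen[i] = (uint32_t)r.arg[i];   /* 32-bit view of the arguments */
    return check_ok(&r, seen);
}

int main(void)
{
    struct guest_regs clean = { { 0x1000, 0x20 } };                 /* constructed */
    struct guest_regs dirty = { { 0xdeadbeef00001000ULL, 0x20 } };  /* constructed */

    printf("clean, unhardened: %d\n", continuation_survives(clean, false));
    printf("dirty, unhardened: %d\n", continuation_survives(dirty, false));
    printf("dirty, hardened:   %d\n", continuation_survives(dirty, true));
    return 0;
}
```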

Comment 1 Pedro Sampaio 2024-05-20 17:35:32 UTC
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 2281957]

