Xen Information for VU#631579
Hardware debug exception documentation may result in unexpected behavior
- Vendor Information Help Date Notified: 01 May 2018
- Statement Date: 01 May 2018
- Date Updated: 01 May 2018
All versions of Xen are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable.
Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability.
An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users.
Running only HVM or PVH guests avoids the vulnerability.
Note however that a compromised device model (running in dom0 or a stub domain) can carry out this attack, so users with HVM domains are also advised to patch their systems.
Applying the appropriate attached patch resolves this issue.
For the full statement, please see Xen Advisory 260.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.