Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 205206 - app-emulation/xen-3.X DR7 and CR4 Register Handling Denial of Service Vulnerabilities (CVE-2007-5906 CVE-2007-5907)
Summary: app-emulation/xen-3.X DR7 and CR4 Register Handling Denial of Service Vulnera...
Status: RESOLVED DUPLICATE of bug 198995
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/28405/
Whiteboard: ~3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-10 13:16 UTC by Lars Hartmann
Modified: 2008-01-10 13:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Hartmann 2008-01-10 13:16:55 UTC 
Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) An error within the handling of the DR7 debug register can be exploited out of a guest system to crash the hypervisor by setting certain breakpoints.

Successful exploitation may require that a HVM hypervisor is used.

2) Access to the CR4 register is not properly checked. This can be exploited out of a guest system to e.g. crash DomU or Dom0 domains.

Successful exploitation may require that a paravirtualised kernel is used.

Solution:
Restrict access to trusted users only.

Provided and/or discovered by:
Reported by Jan Beulich.

Original Advisory:
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-10 13:52:44 UTC 
Please search before reporting ;-)

*** This bug has been marked as a duplicate of bug 198995 ***