Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) An error within the handling of the DR7 debug register can be exploited out of a guest system to crash the hypervisor by setting certain breakpoints. Successful exploitation may require that a HVM hypervisor is used.

2) Access to the CR4 register is not properly checked. This can be exploited out of a guest system to e.g. crash DomU or Dom0 domains. Successful exploitation may require that a paravirtualised kernel is used.

Solution: Restrict access to trusted users only.

Provided and/or discovered by: Reported by Jan Beulich.

Original Advisory:
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html
http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html

Please search before reporting ;-)

*** This bug has been marked as a duplicate of bug 198995 ***