The privilege check applied to hypercall attempts by a HVM guest only refused
access from ring 3; rings 1 and 2 were allowed through.
Code running in the intermediate privilege rings of HVM guest OSes may be able
to elevate its privileges inside the guest by careful hypercall use.
Patch available at http://xenbits.xen.org/xsa/advisory-76.html
Xen 3.0.3 through 4.1.x (possibly 184.108.40.206), 4.2.x (possibly 4.2.3), and
4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which
allows local guest users to gain privileges via a crafted application
running in ring 1 or 2.
*xen-4.3.1-r3 (06 Jan 2014)
*xen-4.3.0-r6 (06 Jan 2014)
06 Jan 2014; Ian Delaney <firstname.lastname@example.org>
add new sec patches, revbumps, patches prepared by dlan
Maintainers please advise when you are ready for stabilization.
(In reply to Yury German from comment #3)
> Maintainers please advise when you are ready for stabilization.
well we're content for stable any time. Told we need await the 30 days from
*xen-4.3.1-r4 (24 Jan 2014)
arches please do so any time from when 30 days expires
Fixed as part of Bug 500530.
Adding to existing GLSA.
This issue was resolved and addressed in
GLSA 201407-03 at http://security.gentoo.org/glsa/glsa-201407-03.xml
by GLSA coordinator Mikle Kolyada (Zlogene).