FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
50ac2e96-ba4d-11e6-ae1b-002590263bf5	xen-kernel -- x86 null segments not always treated as unusable The Xen Project reports: The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses. The intended behaviour is as follows: The user data segment (%ds, %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a special meaning for user segments, and there is no way of preventing access. However, in both 32-bit and 64-bit, a NULL LDT system segment is intended to prevent access. On Intel hardware, loading a NULL selector zeros the base as well as most attributes, but sets the limit field to its largest possible value. On AMD hardware, loading a NULL selector zeros the attributes, leaving the stale base and limit intact. Xen may erroneously permit the access using unexpected base/limit values. Ability to exploit this vulnerability on Intel is easy, but on AMD depends in a complicated way on how the guest kernel manages LDTs. An unprivileged guest user program may be able to elevate its privilege to that of the guest operating system. Discovery 2016-11-22 Entry 2016-12-04 xen-kernel < 4.7.1 CVE-2016-9386 ports/214936 https://xenbits.xen.org/xsa/advisory-191.html

VuXML ID

Description

50ac2e96-ba4d-11e6-ae1b-002590263bf5

xen-kernel -- x86 null segments not always treated as unusable

The Xen Project reports:

The Xen x86 emulator erroneously failed to consider the unusability of segments when performing memory accesses.

The intended behaviour is as follows: The user data segment (%ds, %es, %fs and %gs) selectors may be NULL in 32-bit to prevent access. In 64-bit, NULL has a special meaning for user segments, and there is no way of preventing access. However, in both 32-bit and 64-bit, a NULL LDT system segment is intended to prevent access.

On Intel hardware, loading a NULL selector zeros the base as well as most attributes, but sets the limit field to its largest possible value. On AMD hardware, loading a NULL selector zeros the attributes, leaving the stale base and limit intact.

Xen may erroneously permit the access using unexpected base/limit values.

Ability to exploit this vulnerability on Intel is easy, but on AMD depends in a complicated way on how the guest kernel manages LDTs.

An unprivileged guest user program may be able to elevate its privilege to that of the guest operating system.

Discovery 2016-11-22
Entry 2016-12-04
xen-kernel

< 4.7.1

CVE-2016-9386
ports/214936
https://xenbits.xen.org/xsa/advisory-191.html