Comment 3 for bug 1606847

Jurre (t-jurre) wrote :

Whoops, thanks!

In addition, the CVE explanation by MITRE[1] is wrong. It mentions: "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries."

However, 64-bit PV guests seem to be vulnerable to the same bug, as I confirmed yesterday by executing the PoC[2] by Quarkslab[3] in a 64-bit guest. After putting a patched kernel on the dom0, the PoC said it was no longer vulnerable.

I dropped the patch[4] in debian/patches and made reference to it in debian/patches/series and started a build of the xen-hypervisor-4.4-amd64 package.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6258
[2] http://blog.quarkslab.com/resources/2016-08-04-xen_exploitation_part_3_xsa_148/xsa-182-poc.tar.gz
[3] http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html
[4] http://xenbits.xen.org/xsa/advisory-182.html

Hope this helps anyone!