In addition, the CVE explanation by MITRE[1] is wrong. It mentions: "The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries."
However, 64-bit PV guests seem to be vulnerable to the same bug, as I confirmed yesterday by executing the PoC[2] by Quarkslab[3] in a 64-bit guest. By putting a patched kernel on the dom0, the PoC said it was no longer vulnerable.
I dropped the patch[4] in debian/patches and made reference to it in debian/patches/series and started a build of the xen-hypervisor-4.4-amd64 package.
Woops, thanks!
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6258
[2] http://blog.quarkslab.com/resources/2016-08-04-xen_exploitation_part_3_xsa_148/xsa-182-poc.tar.gz
[3] http://blog.quarkslab.com/xen-exploitation-part-3-xsa-182-qubes-escape.html
[4] http://xenbits.xen.org/xsa/advisory-182.html
Hope this helps anyone!
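The "drop the patch in debian/patches and reference it in debian/patches/series" step above, written out as a reusable shell function. This is an added example and not code from the bug report or from the Debian Xen packaging; it assumes a quilt-format (3.0) source tree where the patch applies with -p1, and the file names used in the comments (xsa182.patch, the mm.c stub) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): queue a fix in a Debian
# source package's quilt patch list the way the post describes.
# Assumptions: the unpacked source tree uses debian/patches/series
# (quilt 3.0 format) and the patch applies at -p1 from the tree root.
set -eu

# add_debian_patch SRCDIR PATCHFILE
# Copies PATCHFILE into SRCDIR/debian/patches and appends its basename
# to SRCDIR/debian/patches/series unless it is already listed, so the
# function is safe to re-run (no duplicate series entries).
add_debian_patch() {
    srcdir="$1"
    patchfile="$2"
    name=$(basename "$patchfile")
    series="$srcdir/debian/patches/series"

    mkdir -p "$srcdir/debian/patches"
    cp "$patchfile" "$srcdir/debian/patches/$name"
    touch "$series"
    if ! grep -qxF "$name" "$series"; then
        printf '%s\n' "$name" >> "$series"
    fi

    # Dry-run the patch against the tree so a mis-pathed or already
    # applied patch fails here instead of halfway through
    # dpkg-buildpackage. Skipped when patch(1) is not installed.
    if command -v patch >/dev/null 2>&1; then
        patch --dry-run -p1 -d "$srcdir" \
            < "$srcdir/debian/patches/$name" >/dev/null
    fi
}

# series_has SRCDIR NAME: exit 0 if NAME is listed in series.
series_has() {
    grep -qxF "$2" "$1/debian/patches/series"
}

# Usage (from the package directory, xsa182.patch being the fix file):
#   add_debian_patch . /path/to/xsa182.patch
#   dpkg-buildpackage -us -uc -b
```

Once the patch is listed in series, dpkg-buildpackage applies the whole queue before building, so the only thing the function has to guarantee is that the entry is present exactly once and that the patch actually applies to this tree.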