Title: Xen DR7 and CR4 Registers Multiple Local Denial of Service Vulnerabilities
Severity: LOW
Description:
Xen is an open-source hypervisor or virtual machine monitor.
Xen is prone to multiple local denial-of-service vulnerabilities:
- A denial-of-service vulnerability occurs when the 'DR7' debug register is used to set breakpoints. This causes the hypervisor to crash. To exploit this issue, an attacker must have local access to a guest operating system running under an HVM-based (hardware-assisted virtual machine) hypervisor.
- A denial-of-service vulnerability occurs when handling a modified 'CR4' register. Specifically, Xen allows unauthorized users to modify the 'CR4' register. This causes the guest operating system to crash. To exploit this issue, the attacker must have local access to a guest operating system running with a paravirtualized kernel.
Attackers can exploit these issues to crash the hypervisor, triggering denial-of-service conditions for all hosted virtual machines.
Affected Products:
- Linux kernel 2.6.5
- RedHat Enterprise Linux 5 server
- RedHat Enterprise Linux Desktop 5 client
- S.u.S.E. Linux 10.1 ppc
- S.u.S.E. Linux 10.1 x86
- S.u.S.E. Linux 10.1 x86-64
- S.u.S.E. Linux Enterprise Server 10
- S.u.S.E. Linux Enterprise Server 10.SP1
- S.u.S.E. Linux Personal 10.1
- S.u.S.E. Linux Professional 10.1
- S.u.S.E. SUSE Linux Enterprise Server 10
- S.u.S.E. openSUSE 10.2
- S.u.S.E. openSUSE 10.3
- XenSource Xen 3.0
- XenSource Xen 3.0.3
- XenSource Xen 3.1.1
- XenSource Xen 3.1.2
References:
- XenSource: XenSource Homepage
- XenSource: [Xen-devel] [PATCH, fixed] x86: fix debug register handling
- XenSource: [Xen-devel] [PATCH] x86: allow pv guests to disable TSC for applications