From mboxrd@z Thu Jan 1 00:00:00 1970 From: Philipp Hahn Subject: Re: Xen Security Advisory 173 (CVE-2016-3960) - x86 shadow pagetables: address width overflow Date: Fri, 13 May 2016 12:55:56 +0200 Message-ID: <5735B2BC.3010706@univention.de> References: Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" To: Tim Deegan , Jan Beulich Cc: Stefan Bader , Xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org SGksCgoKQW0gMTguMDQuMjAxNiB1bSAxNTozMSBzY2hyaWViIFhlbi5vcmcgc2VjdXJpdHkgdGVh bToKPiAgICAgICAgICAgICBYZW4gU2VjdXJpdHkgQWR2aXNvcnkgQ1ZFLTIwMTYtMzk2MCAvIFhT QS0xNzMKPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB2ZXJzaW9uIDMKPiAKPiAgICAg ICAgICAgICAgeDg2IHNoYWRvdyBwYWdldGFibGVzOiBhZGRyZXNzIHdpZHRoIG92ZXJmbG93Ci4u Lgo+IElTU1VFIERFU0NSSVBUSU9OCj4gPT09PT09PT09PT09PT09PT0KPiBJbiB0aGUgeDg2IHNo YWRvdyBwYWdldGFibGUgY29kZSwgdGhlIGd1ZXN0IGZyYW1lIG51bWJlciBvZiBhCj4gc3VwZXJw YWdlIG1hcHBpbmcgaXMgc3RvcmVkIGluIGEgMzItYml0IGZpZWxkLiAgSWYgYSBzaGFkb3dlZCBn dWVzdAo+IGNhbiBjYXVzZSBhIHN1cGVycGFnZSBtYXBwaW5nIG9mIGEgZ3Vlc3QtcGh5c2ljYWwg YWRkcmVzcyBhdCBvciBhYm92ZQo+IDJeNDQgdG8gYmUgc2hhZG93ZWQsIHRoZSB0b3AgYml0cyBv ZiB0aGUgYWRkcmVzcyB3aWxsIGJlIGxvc3QsIGNhdXNpbmcKPiBhbiBhc3NlcnRpb24gZmFpbHVy ZSBvciBOVUxMIGRlcmVmZXJlbmNlIGxhdGVyIG9uLCBpbiBjb2RlIHRoYXQKPiByZW1vdmVzIHRo ZSBzaGFkb3cuCi4uLgo+IFZVTE5FUkFCTEUgU1lTVEVNUwo+ID09PT09PT09PT09PT09PT09PQo+ IFhlbiB2ZXJzaW9ucyBmcm9tIDMuNCBvbndhcmRzIGFyZSBhZmZlY3RlZC4KPiAKPiBPbmx5IHg4 NiB2YXJpYW50cyBvZiBYZW4gYXJlIHN1c2NlcHRpYmxlLiAgQVJNIHZhcmlhbnRzIGFyZSBub3QK PiBhZmZlY3RlZC4KLi4uCj4gUkVTT0xVVElPTgo+ID09PT09PT09PT0KPiBBcHBseWluZyB0aGUg YXBwcm9wcmlhdGUgYXR0YWNoZWQgcGF0Y2ggcmVzb2x2ZXMgdGhpcyBpc3N1ZS4KLi4uCj4geHNh MTczLTQuMy5wYXRjaCAgICAgICBYZW4gNC4zLngKCkFzIFhlbi00LjIgYW5kIHhlbi00LjEgYXJl IGFsc28gdnVsbmVyYWJsZSwgSSdtIHRyeWluZyB0byBiYWNrcG9ydCB0aGlzLgpUaGUgNC4zIHBh dGNoIGFwcGxpZXMgbW9zdGx5LCBidXQgY29tcGlsYXRpb24gZmFpbHMgYXMgeDg2LTMyLWJpdApz dXBwb3J0IHdhcyBkcm9wcGVkIHdpdGggWGVuLTQuMyBhbmQgIF9QQUdFX0lOVkFMSURfQklUIHJl bWFpbnMKdW5kZWZpbmVkIGZvciB4ODYtMzI6Cj4gZ3Vlc3Rfd2Fsay5jOiBJbiBmdW5jdGlvbiAn bWFuZGF0b3J5X2ZsYWdzJzoKPiBndWVzdF93YWxrLmM6NjY6NDA6IGVycm9yOiAnX1BBR0VfSU5W QUxJRF9CSVQnIHVuZGVjbGFyZWQgKGZpcnN0IHVzZSBpbiB0aGlzIGZ1bmN0aW9uKQo+IGd1ZXN0 X3dhbGsuYzo2Njo0MDogbm90ZTogZWFjaCB1bmRlY2xhcmVkIGlkZW50aWZpZXIgaXMgcmVwb3J0 ZWQgb25seSBvbmNlIGZvciBlYWNoIGZ1bmN0aW9uIGl0IGFwcGVhcnMgaW4KPiBndWVzdF93YWxr LmM6IEluIGZ1bmN0aW9uICdndWVzdF93YWxrX3RhYmxlc18yX2xldmVscyc6Cj4gZ3Vlc3Rfd2Fs ay5jOjE0NjozMDogZXJyb3I6ICdfUEFHRV9JTlZBTElEX0JJVCcgdW5kZWNsYXJlZCAoZmlyc3Qg dXNlIGluIHRoaXMgZnVuY3Rpb24pCj4gZ3Vlc3Rfd2Fsay5jOiBJbiBmdW5jdGlvbiAnbWFuZGF0 b3J5X2ZsYWdzJzoKPiBndWVzdF93YWxrLmM6Njc6MTogZXJyb3I6IGNvbnRyb2wgcmVhY2hlcyBl bmQgb2Ygbm9uLXZvaWQgZnVuY3Rpb24gWy1XZXJyb3I9cmV0dXJuLXR5cGVdCgpJdCdzIG9ubHkg ZGVmaW5lZCBmb3IgeDg2LTY0Ogo+IC0tLSBhL3hlbi9pbmNsdWRlL2FzbS14ODYveDg2XzY0L3Bh Z2UuaAo+ICsrKyBiL3hlbi9pbmNsdWRlL2FzbS14ODYveDg2XzY0L3BhZ2UuaAouLi4KPiArLyoK PiArICogQml0IDI0IG9mIGEgMjQtYml0IGZsYWcgbWFzayEgIFRoaXMgaXMgbm90IGFueSBiaXQg b2YgYSByZWFsIHB0ZSwKPiArICogYW5kIGlzIG9ubHkgdXNlZCBmb3Igc2lnbmFsbGluZyBpbiB2 YXJpYWJsZXMgdGhhdCBjb250YWluIGZsYWdzLgo+ICsgKi8KPiArI2RlZmluZSBfUEFHRV9JTlZB TElEX0JJVCAoMVU8PDI0KQo+ICsKPiAgI2VuZGlmIC8qIF9fWDg2XzY0X1BBR0VfSF9fICovCgpJ IGd1ZXNzIHVzaW5nIGJpdCAyNCBpcyBva2F5IGZvciAzMiBiaXQsIHRvby4KCkNhbiBzb21lb25l IGNvbmZpcm0gdGhhdCBwbGVhc2U/CgpQaGlsaXBwCgpfX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fXwpYZW4tZGV2ZWwgbWFpbGluZyBsaXN0Clhlbi1kZXZlbEBs aXN0cy54ZW4ub3JnCmh0dHA6Ly9saXN0cy54ZW4ub3JnL3hlbi1kZXZlbAo=