Xen privilege escalation vulnerability on Intel CPU - CVE-2012-0217

I’ve just built and rolled out packages that have been patched against this.

If you are running Xen on a 64 bit machine, please make sure you update to 4.1.2-8 ASAP.

From the Xen-Announce post:

ISSUE DESCRIPTION

Rafal Wojtczuk has discovered a vulnerability which can allow a 64-bit PV guest kernel running on a 64-bit hypervisor to escalate privileges to that of the host by arranging for a system call to return via sysret to a non-canonical RIP. Intel CPUs deliver the resulting exception in an undesirable processor state.

IMPACT

Guest administrators can gain control of the host.

Depending on the particular guest kernel it is also possible that non-privileged guest user processes can also elevate their privileges to that of the host.

I’ve also patched for CVE-2012-2934 - although this probably won’t hit anyone…