The x86emulate function in arch/x86/x86emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libxenstore3.0": "4.4.0-0ubuntu5.2", "libxen-4.4": "4.4.0-0ubuntu5.2", "libxen-ocaml-dev": "4.4.0-0ubuntu5.2", "libxen-dev": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.3-amd64": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.3-armhf": "4.4.0-0ubuntu5.2", "xen-system-amd64": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.4-arm64": "4.4.0-0ubuntu5.2", "libxen-ocaml": "4.4.0-0ubuntu5.2", "xenstore-utils": "4.4.0-0ubuntu5.2", "xen-system-armhf": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.1-amd64": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.4-armhf": "4.4.0-0ubuntu5.2", "xen-hypervisor-4.4-amd64": "4.4.0-0ubuntu5.2", "xen-utils-common": "4.4.0-0ubuntu5.2", "xen-utils-4.4": "4.4.0-0ubuntu5.2", "xen-system-arm64": "4.4.0-0ubuntu5.2" } ] }