Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "xen-hypervisor-4.6-armhf": "4.6.0-1ubuntu4.1", "libxenstore3.0": "4.6.0-1ubuntu4.1", "xenstore-utils-dbgsym": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.5-armhf": "4.6.0-1ubuntu4.1", "libxenstore3.0-dbgsym": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.5-amd64": "4.6.0-1ubuntu4.1", "xen-utils-4.6": "4.6.0-1ubuntu4.1", "libxen-dev": "4.6.0-1ubuntu4.1", "xen-system-amd64": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.4-arm64": "4.6.0-1ubuntu4.1", "xenstore-utils": "4.6.0-1ubuntu4.1", "xen-system-armhf": "4.6.0-1ubuntu4.1", "xen-utils-common": "4.6.0-1ubuntu4.1", "libxen-4.6": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.4-amd64": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.6-amd64": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.5-arm64": "4.6.0-1ubuntu4.1", "xen-utils-4.6-dbgsym": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.4-armhf": "4.6.0-1ubuntu4.1", "xen-hypervisor-4.6-arm64": "4.6.0-1ubuntu4.1", "libxen-4.6-dbgsym": "4.6.0-1ubuntu4.1", "xen-system-arm64": "4.6.0-1ubuntu4.1" } ] }