The dommuupdate function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM guests using Hardware Assisted Paging (HAP).
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libxen-4.4", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "libxen-dev", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "libxen-ocaml", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "libxen-ocaml-dev", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "libxenstore3.0", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.1-amd64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.3-amd64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.3-armhf", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.4-amd64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.4-arm64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-hypervisor-4.4-armhf", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-system-amd64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-system-arm64", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-system-armhf", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-utils-4.4", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xen-utils-common", "binary_version": "4.4.1-0ubuntu0.14.04.2" }, { "binary_name": "xenstore-utils", "binary_version": "4.4.1-0ubuntu0.14.04.2" } ] }