Re: [Xen-users] x86 sinkhole exploit
On Fri, Aug 7, 2015 at 7:10 AM, Sarah Newman <srn@xxxxxxxxx> wrote:
> I've read https://github.com/xoreaxeaxeax/sinkhole/blob/master/sinkhole.asm
> and it depends on wrmsr being usable with ecx = MSR_IA32_APICBASE. It
> looks like xen will reject this call even if made by the dom0. Is that
> correct?

Yes -- maintaining control of the APIC is one of the critical things Xen needs to be able to actually act as a hypervisor: pre-empting guests and redirecting or queueing hardware interrupts to the proper VM.

One potential place this might have been an issue is in the upcoming APICv hardware extensions; but I've just had a chat with Andy Cooper and he seems to think that the architectural vulnerability exploited by sinkhole was closed in the processors that introduce that hardware feature.

Summary: No Xen guest should be able to trigger this directly. Obviously if someone manages to break into Xen itself, then the attack will still work if the hardware is vulnerable. And of course dom0 is *typically* in control of the boot path, so if you manage to get into dom0, you could boot into Linux (or a trojaned version of Xen) that would then implement the exploit.

-George