FreeBSD : xen-kernel -- x86 software guest page walk PS bit handling flaw (e43b210a-4212-11e6-942d-bc5ff45d0f28)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Xen Project reports :

The Page Size (PS) page table entry bit exists at all page table
levels other than L1. Its meaning is reserved in L4, and conditionally
reserved in L3 and L2 (depending on hardware capabilities). The
software page table walker in the hypervisor, however, so far ignored
that bit in L4 and (on respective hardware) L3 entries, resulting in
pages to be treated as page tables which the guest OS may not have
designated as such. If the page in question is writable by an
unprivileged user, then that user will be able to map arbitrary guest
memory.

On vulnerable OSes, guest user mode code may be able to establish
mappings of arbitrary memory inside the guest, allowing it to elevate
its privileges inside the guest.
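A toy 4-level walk illustrating the reserved-PS check described above, as an added example that is not Xen's code and not part of the advisory; the `guest_mem` layout, the function names and the `check_ps` switch are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define PTE_P     (1ULL << 0)
#define PTE_PS    (1ULL << 7)              /* PS at L4..L2; bit 7 is PAT at L1 */
#define PTE_ADDR  0x000ffffffffff000ULL
#define NFRAMES   8

enum walk_rc { WALK_OK, WALK_NOT_PRESENT, WALK_RESERVED, WALK_BAD_FRAME };

/* Constructed toy guest memory: NFRAMES page frames of 512 entries each. */
static uint64_t guest_mem[NFRAMES][512];

/* PS is reserved at L4 always, and at L3 when 1 GiB pages are unsupported. */
static bool ps_reserved(int level, bool has_1g) {
    return level == 4 || (level == 3 && !has_1g);
}

/* check_ps=false models a walker that ignores reserved PS bits;
 * check_ps=true reports them as a reserved-bit fault instead. */
enum walk_rc walk(uint64_t root, uint64_t va, bool has_1g, bool check_ps, uint64_t *pa) {
    uint64_t frame = root;
    for (int level = 4; level >= 1; level--) {
        int shift = 12 + 9 * (level - 1);
        if (frame >= NFRAMES) return WALK_BAD_FRAME;
        uint64_t e = guest_mem[frame][(va >> shift) & 0x1ff];
        if (!(e & PTE_P)) return WALK_NOT_PRESENT;
        if (level > 1 && (e & PTE_PS) && ps_reserved(level, has_1g)) {
            if (check_ps) return WALK_RESERVED;
            /* flawed path: bit ignored, entry is followed as a page table */
        } else if (level == 1 || (e & PTE_PS)) {
            uint64_t off = (1ULL << shift) - 1;   /* 4 KiB, 2 MiB or 1 GiB */
            *pa = (e & PTE_ADDR & ~off) | (va & off);
            return WALK_OK;
        }
        frame = (e & PTE_ADDR) >> 12;
    }
    return WALK_BAD_FRAME;
}

/* Constructed sample: L4[0] has PS set (reserved), L4[1] is a normal entry. */
void build_sample(void) {
    guest_mem[0][0] = (1ULL << 12) | PTE_P | PTE_PS;
    guest_mem[0][1] = (1ULL << 12) | PTE_P;
    guest_mem[1][0] = (2ULL << 12) | PTE_P;
    guest_mem[1][1] = 0x40000000ULL | PTE_P | PTE_PS;   /* 1 GiB mapping */
    guest_mem[2][0] = (3ULL << 12) | PTE_P;
    guest_mem[3][0] = (5ULL << 12) | PTE_P;
}
```

With `check_ps` off, the walk through `L4[0]` completes and returns a translation; with it on, the same walk stops at L4 with `WALK_RESERVED`.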

See also :

http://xenbits.xen.org/xsa/advisory-176.html
http://www.nessus.org/u?ea8c2127

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 91936

Bugtraq ID:

CVE ID: CVE-2016-4480
