
Re: [Xen-users] x86 sinkhole exploit

On Fri, Aug 7, 2015 at 7:10 AM, Sarah Newman <srn@xxxxxxxxx> wrote:
> I've read https://github.com/xoreaxeaxeax/sinkhole/blob/master/sinkhole.asm 
> and it depends on wrmsr being usable with ecx = MSR_IA32_APICBASE. It
> looks like xen will reject this call even if made by the dom0. Is that 
> correct?

Yes -- maintaining control of the APIC is one of the critical things
Xen needs to be able to actually act as a hypervisor: pre-empting
guests and redirecting or queueing hardware interrupts to the proper

One potential place this might have been an issue is in the upcoming
APICv hardware extensions; but I've just had a chat with Andy Cooper
and he seems to think that the architectural vulnerability exploited
by sinkhole was closed in the processors that introduce that hardware

Summary: No Xen guest should be able to trigger this directly.

Obviously if someone manages to break into Xen itself, then the attack
will still work if the hardware is vulnerable.  And of course dom0 is
*typically* in control of the boot path, so if you manage to get into
dom0, you could boot into Linux (or a trojaned version of Xen) that
would then implement the exploit.
