Private bug reported:
UMIP: User Mode Instruction Prevention, part of NIs
User-Mode Instruction Prevetion feature could prevents a group of
intructions(sgdt, sidt, sldt, smsw, and str) from being executed when
CPL > 0(i.e. in user mode), if those instructions were executed when
CPL, a general protection fault would be issued.
UMIP could prevent userspace applications from accessing to system-wide
settings such as the global or local descriptor tables, the segment
selectors to the current task state and the local descriptor table.
Hiding these system resources reduces the tools available to craft
privilege escalation attacks.
Target Xen 4.10.
Xen: commit 293a0a1fd712b ("x86/cpufeatures: expose UMIP to HVM guests")
XTF: commit 24635d9265e7 ("Functional: Add a UMIP test")
** Affects: xen (Ubuntu)
Importance: Undecided
Status: New
** Tags: intel
** Information type changed from Public to Private
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1735480
Title:
Xen User Mode Instruction Prevention (UMIP)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1735480/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
