On 6/2/25 17:42, Jan Beulich wrote:
This is possible when:
1. The malicious domain has nested HVM capabilities.
2. The CPU is running on top of VMX and supports shadow VMCS.
To trigger the bug, the domain must first enable VMX operation for
itself, execute VMXON and then finally execute
On 02.06.2025 16:52, Manuel Andreas wrote:
> On 6/2/25 4:12 PM, Jan Beulich wrote:
>
>> On 02.06.2025 15:39, Manuel Andreas wrote:
>>> I've discovered an issue in the nested VMX implementation, where an
>>> unprivileged domain is able to force Xen to dereference a NULL pointer,
>>> resulting in a
On 6/2/25 4:12 PM, Jan Beulich wrote:
> On 02.06.2025 15:39, Manuel Andreas wrote:
>> I've discovered an issue in the nested VMX implementation, where an
>> unprivileged domain is able to force Xen to dereference a NULL pointer,
>> resulting in a panic.
> Sadly you provide no details on this NULL deref.
H
On 02.06.2025 15:39, Manuel Andreas wrote:
> I've discovered an issue in the nested VMX implementation, where an
> unprivileged domain is able to force Xen to dereference a NULL pointer,
> resulting in a panic.
Sadly you provide no details on this NULL deref.
> This is possible when:
>
> 1. T
Dear all,
I've discovered an issue in the nested VMX implementation, where an
unprivileged domain is able to force Xen to dereference a NULL pointer,
resulting in a panic.
This is possible when:
1. The malicious domain has nested HVM capabilities.
2. The CPU is running on top of VMX and supp