Private bug reported:
UMIP: User Mode Instruction Prevention, part of NIs
The User-Mode Instruction Prevention feature could prevent a group of
instructions (sgdt, sidt, sldt, smsw, and str) from being executed when
CPL > 0 (i.e. in user mode), if those instructions were executed when
CPL, a general protection fault would be issued.
UMIP could prevent userspace applications from accessing system-wide
settings such as the global or local descriptor tables, the segment
selectors to the current task state and the local descriptor table.
Hiding these system resources reduces the tools available to craft
privilege escalation attacks.
Target Linux 4.15. Am told it's merged, but commit id# not known.
** Affects: xen (Ubuntu)
Importance: Undecided
Status: New
** Tags: intel
** Information type changed from Public to Private
--
https://bugs.launchpad.net/bugs/1735477
Title:
KVM User Mode Instruction Prevention (UMIP)
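An added example, not part of the bug report or of any project's code: a check that can be run inside a guest to see whether the virtual CPU advertises UMIP (CPUID leaf 7, subleaf 0, ECX bit 2) and whether the kernel lists the `umip` flag in /proc/cpuinfo. The function names are hypothetical; on non-x86 builds the CPUID probe returns -1.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.(EAX=7,ECX=0):ECX bit 2 advertises UMIP. */
#define CPUID7_ECX_UMIP (1u << 2)
bool ecx_advertises_umip(unsigned int ecx) { return (ecx & CPUID7_ECX_UMIP) != 0; }

/* Whole-token search of a /proc/cpuinfo "flags" line, so that a longer
 * flag name that merely contains "umip" is not mistaken for it. */
bool flags_line_has(const char *line, const char *flag)
{
    size_t n = strlen(flag);
    const char *p = strchr(line, ':');
    p = p ? p + 1 : line;
    while (*p) {
        p += strspn(p, " \t\n");            /* skip separators */
        size_t len = strcspn(p, " \t\n");   /* length of this token */
        if (len == n && strncmp(p, flag, n) == 0)
            return true;
        p += len;
    }
    return false;
}

/* 1 = advertised, 0 = not advertised, -1 = leaf 7 unavailable or non-x86. */
int cpu_advertises_umip(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return -1;
    return ecx_advertises_umip(c);
#else
    return -1;
#endif
}

int main(void)
{
    char line[8192];
    int listed = 0;
    FILE *f = fopen("/proc/cpuinfo", "r");
    while (f && !listed && fgets(line, sizeof line, f))
        listed = strncmp(line, "flags", 5) == 0 && flags_line_has(line, "umip");
    if (f) fclose(f);
    printf("CPUID leaf 7 UMIP: %d, /proc/cpuinfo umip: %d\n", cpu_advertises_umip(), listed);
}
```

A host that reports 1 for CPUID while a guest on it reports 0 indicates the hypervisor is not exposing the feature to that guest.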