Xen TLB Flush Bypass

Discussion in 'News Aggregator' started by Packet Storm, 11 Jul 2022.

  1. Packet Storm

    Packet Storm Guest

    Xen's _get_page_type() contains an ABAC cmpxchg() race, where the code incorrectly assumes that if it reads a specific type_info value, and then later cmpxchg() succeeds, the type_info can't have changed in between.
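
The race class described in the post above, replayed deterministically in C as an added example (not from the advisory and not Xen's code). The word layout, `retype()` and `stale_decision_committed()` are hypothetical, and the generation counter is a generic ABA mitigation, not necessarily the fix Xen adopted.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT Xen's real type_info layout (all names hypothetical):
 * bits 0-7 type, bits 8-15 reference count, bits 16-31 generation. */
#define TYPE_MASK 0x000000ffu
#define COUNT_ONE 0x00000100u
#define GEN_ONE   0x00010000u
enum { TYPE_A = 1, TYPE_B = 2 };

static _Atomic uint32_t type_info;

/* Interfering actor: retype the page. With use_gen, every retype also bumps
 * the generation, so A -> B -> A never reproduces an earlier word. */
static void retype(uint32_t new_type, bool use_gen)
{
    uint32_t old = atomic_load(&type_info);
    uint32_t nw = (old & ~TYPE_MASK) | new_type;
    if (use_gen)
        nw += GEN_ONE;
    atomic_store(&type_info, nw);
}

/* Replays the interleaving deterministically in one thread. Returns true when
 * the taker's cmpxchg commits a decision based on the stale read. */
static bool stale_decision_committed(bool use_gen)
{
    atomic_store(&type_info, TYPE_A);

    /* 1. Taker reads the word and decides: "already type A, nothing to do". */
    uint32_t x = atomic_load(&type_info);

    /* 2. Between read and cmpxchg the page goes A -> B -> A. Work the taker
     *    skipped in step 1 may now be required. */
    retype(TYPE_B, use_gen);
    retype(TYPE_A, use_gen);

    /* 3. Taker takes its reference. Success only proves the word equals x
     *    now, not that it stayed x since step 1. */
    return atomic_compare_exchange_strong(&type_info, &x, x + COUNT_ONE);
}

int main(void)
{
    printf("plain word:      stale commit = %d\n", stale_decision_committed(false));
    printf("with generation: stale commit = %d\n", stale_decision_committed(true));
    return 0;
}
```

A fixed-width generation field can wrap, so it narrows the window rather than closing it for every interleaving; making the dependent decision after the cmpxchg commits is the other common remedy.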
