Key Information About Vulnerability Advisory: XSA-111 Public Release: 2014-11-27 11:25 Updated: 2023-12-15 15:35 Version: 4 CVE(s): CVE-2014-8866 Title: Excessive checking in compatibility mode hypercall argument translation Issue Description The hypercall argument translation needed for 32-bit guests running on 64-bit hypervisors performs checks on the final register state. These checks cover all registers potentially holding hypercall arguments, potentially leading to issues when reused for HVM guests. Impact A buggy or malicious HVM guest can crash the host. Vulnerable Systems Xen Version: Xen 3.3 and onward Architecture: Only x86 systems are vulnerable. ARM systems are not vulnerable. Mitigation Running only PV guests will avoid this issue. No mitigation available for HVM guests on any version of Xen. Resolution Applying the appropriate patch resolves the issue. The provided patches are: for Xen 4.4.x for Xen 4.3.x for Xen 4.2.x Related Files advisery-111.txt (signed advisory file) xsall1-4.2.patch xsall1-4.3.patch xsall1.patch Credits Discovered by Jan Beulich of SUSE.