Bugzilla – Bug 874650
VUL-0: CVE-2014-2915: xen: XSA-93: Hardware features unintentionally exposed to guests on ARM
Last modified: 2014-04-28 14:54:46 UTC
This bug was only opened for reference. SLE and openSUSE are not affected by this issue.

Xen Security Advisory XSA-93

Hardware features unintentionally exposed to guests on ARM

ISSUE DESCRIPTION
=================

When running on an ARM platform Xen was not correctly configuring the hardware virtualisation platform and therefore did not prevent guests from accessing various hardware features including cache control, coprocessors, debug registers and various processor specific registers.

IMPACT
======

By accessing these hardware facilities a malicious or buggy guest may be able to cause various issues, including crashing the host, crashing other guests (including control domains) and data corruption.

Privilege escalation is not thought to be possible but has not been ruled out.

VULNERABLE SYSTEMS
==================

Both 32- and 64-bit ARM systems are vulnerable from Xen 4.4 onwards.

x86 systems are not vulnerable.

MITIGATION
==========

None.

NOTE REGARDING LACK OF EMBARGO
==============================

This bug was publicly reported on xen-devel, before it was appreciated that there was a security problem. The public mailing list thread contains information strongly suggestive of a security bug and included example code which can crash the host.

CREDITS
=======

The initial bug was discovered by Thomas Leonard and further followup issues were discovered by Julien Grall.

RESOLUTION
==========

Applying the attached patches resolves this issue.

xsa93-unstable-{01..06}.patch    xen-unstable
xsa93-4.4-{01..06}.patch         Xen 4.4.x

Reference: http://xenbits.xenproject.org/xsa/advisory-93.html
Not affecting SLE and openSUSE.
CVE-2014-2915 was assigned to this issue.