Xen Test Framework
XSA-278

Advisory: XSA-278

Between ac6a4500b (Xen 4.9) and XSA-278, Xen incorrectly handled its concept of "in VMX mode", and allowed the use of VT-x instructions before VMXON had completed.

The test checks that, when CR4.VMXE is viewed as clear, all other VT-x instructions raise #UD, and that CR4.VMXE cannot be enabled when the VMX CPUID bit is clear.

If Xen is vulnerable, it will most likely crash with a NULL pointer dereference.
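
A simplified, self-contained model of the two invariants this test checks, added here as an illustration; it is not XTF or Xen code, and every type and function name in it is hypothetical. It assumes the per-vCPU nested state pointer is NULL when nested virt is disabled, so the mode checks have to come before any use of that pointer.

```c
/* Simplified model, not Xen code: every name below is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
enum fault { FAULT_NONE, FAULT_UD, FAULT_GP };
enum vmx_insn { INSN_VMXON, INSN_VMPTRLD, INSN_VMCLEAR, INSN_VMLAUNCH };
#define CR4_VMXE (1ul << 13)
struct nested_state { bool vmxon_done; };
struct vcpu {
    bool cpuid_vmx;              /* VMX bit offered to the guest in CPUID */
    unsigned long cr4;           /* guest's view of CR4 */
    struct nested_state *nested; /* assumed NULL when nested virt is disabled */
};

/* CR4 write: VMXE is a reserved bit unless CPUID advertises VMX. */
static enum fault guest_write_cr4(struct vcpu *v, unsigned long val)
{
    if ((val & CR4_VMXE) && !v->cpuid_vmx)
        return FAULT_GP;
    v->cr4 = val;
    return FAULT_NONE;
}

/* VT-x intercept: validate the mode before touching nested state. */
static enum fault guest_vmx_insn(struct vcpu *v, enum vmx_insn insn)
{
    if (!(v->cr4 & CR4_VMXE) || v->nested == NULL)
        return FAULT_UD;
    if (insn == INSN_VMXON)
        v->nested->vmxon_done = true;
    /* Everything except VMXON needs VMXON to have completed. */
    return v->nested->vmxon_done ? FAULT_NONE : FAULT_UD;
}

/* The two checks from the test description; true means "behaves correctly". */
static bool run_checks(struct vcpu *v)
{
    if (!v->cpuid_vmx && guest_write_cr4(v, v->cr4 | CR4_VMXE) != FAULT_GP)
        return false;
    if (!(v->cr4 & CR4_VMXE))
        for (int i = INSN_VMXON; i <= INSN_VMLAUNCH; i++)
            if (guest_vmx_insn(v, (enum vmx_insn)i) != FAULT_UD)
                return false;
    return true;
}

int main(void)
{
    struct vcpu v = { .cpuid_vmx = false, .cr4 = 0, .nested = NULL };
    return run_checks(&v) ? 0 : 1;
}
```
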

See also
tests/xsa-278/main.c