$NetBSD: patch-CVE-2013-4368,v 1.1 2013/10/22 19:41:58 drochner Exp $

http://lists.xenproject.org/archives/html/xen-devel/2013-10/msg00812.html

--- xen/arch/x86/traps.c.orig	2013-09-10 08:42:18.000000000 +0200
+++ xen/arch/x86/traps.c	2013-10-22 21:11:24.000000000 +0200
@@ -1965,10 +1965,10 @@ static int emulate_privileged_op(struct 
                     break;
                 }
             }
-            else
-                read_descriptor(data_sel, v, regs,
-                                &data_base, &data_limit, &ar,
-                                0);
+            else if ( !read_descriptor(data_sel, v, regs,
+                                       &data_base, &data_limit, &ar, 0) ||
+                      !(ar & _SEGMENT_S) || !(ar & _SEGMENT_P) )
+                goto fail;
             data_limit = ~0UL;
             ar = _SEGMENT_WR|_SEGMENT_S|_SEGMENT_DPL|_SEGMENT_P;
         }
