This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [linux-2.6.18-xen] CVE-2008-0600: Fix exploitable hole i

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [linux-2.6.18-xen] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
From: "Xen patchbot-linux-2.6.18-xen" <patchbot-linux-2.6.18-xen@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Feb 2008 07:10:36 -0800
Delivery-date: Mon, 11 Feb 2008 07:12:11 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1202727927 0
# Node ID 08e85e79c65d0316bfda5e77e8a0dc7ab9ca181a
# Parent  90fbf541d772e9df4e7a4be3ed667d9bac5412c0
CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
Fix is Al Viro's suggested patch for RHEL5.
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
 fs/splice.c |    3 +++
 1 files changed, 3 insertions(+)

diff -r 90fbf541d772 -r 08e85e79c65d fs/splice.c
--- a/fs/splice.c       Mon Feb 11 10:19:25 2008 +0000
+++ b/fs/splice.c       Mon Feb 11 11:05:27 2008 +0000
@@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const st
                if (unlikely(!base))
+               if (unlikely(!access_ok(VERIFY_READ, base, len)))
+                       break;
                 * Get this base offset and number of pages, then map
                 * in the user pages.

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [linux-2.6.18-xen] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall., Xen patchbot-linux-2.6.18-xen <=