xen-devel

[Xen-devel] insufficiencies in pv kernel image validation

To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] insufficiencies in pv kernel image validation
From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
Date: Tue, 17 May 2011 00:38:31 +0800
Hi:
 
   Documented in  https://bugzilla.redhat.com/show_bug.cgi?id=696927.
 
[[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not properly check for possible buffer size overflow in the
decoding loop. Specially crafted kernel image file could be created that would
trigger allocation of a small buffer resulting in buffer overflow with user
supplied data.

Additionally, several integer overflows and lack of error/range checking that
could result in the loader reading its own address space or could lead to an
infinite loop have been found.

A privileged DomU user could use these flaws to cause denial of service or,
possibly, execute arbitrary code in Dom0.

Only management domains with 32-bit userland are vulnerable.
]]]
 
 In the last line of the above, what is "management domains"?
 Does Xen 4.0/4.1 suffer from this bug?
 And are any patches available?
 
 Thanks.
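
Added example (not part of the original message and not Xen's code): the quoted report describes decode loops that grow an output buffer without checking for size overflow. This sketch models 32-bit size arithmetic with `uint32_t` and shows a grow-by-doubling decode loop with the range check in place; `MAX_OUT`, `grow_checked` and the toy run-length decoder `decode_rle` are hypothetical names standing in for a real bzip2/LZMA decoder.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_OUT (64u * 1024u * 1024u) /* hypothetical cap on decoded size */

/* Doubling as 32-bit size arithmetic computes it: 0x80000000 * 2 wraps to 0. */
static uint32_t grow_unchecked(uint32_t cur) { return cur * 2u; }

/* Doubling with a range check: clamps to cap, returns 0 when no growth is left. */
static uint32_t grow_checked(uint32_t cur, uint32_t cap)
{
    if (cur == 0 || cur >= cap) return 0;
    return cur > cap / 2u ? cap : cur * 2u;
}

/* Toy run-length decoder (count, byte pairs) standing in for a real one.
 * Returns 0 on success, -1 on malformed input or when the cap is hit. */
static int decode_rle(const uint8_t *in, size_t in_len, uint32_t cap,
                      uint8_t **out, uint32_t *out_len)
{
    uint32_t size = 16, used = 0;
    uint8_t *buf;
    if (cap < size || in_len % 2 || !(buf = malloc(size))) return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        uint32_t run = in[i];
        while (run > size - used) {          /* used <= size, so no wrap */
            uint32_t next = grow_checked(size, cap);
            uint8_t *tmp = next ? realloc(buf, next) : NULL;
            if (!tmp) { free(buf); return -1; }
            buf = tmp;
            size = next;
        }
        memset(buf + used, in[i + 1], run);  /* fits: run <= size - used */
        used += run;
    }
    *out = buf;
    *out_len = used;
    return 0;
}

int main(void)
{
    const uint8_t sample[] = {3, 'A', 2, 'B'};   /* constructed input */
    uint8_t *out; uint32_t n;
    printf("unchecked 0x80000000*2 = %u\n", grow_unchecked(0x80000000u));
    if (decode_rle(sample, sizeof sample, MAX_OUT, &out, &n) == 0) {
        printf("decoded %u bytes\n", n);
        free(out);
    }
    return 0;
}
```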