[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] insufficiencies in pv kernel image validation


  • To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
  • Date: Tue, 17 May 2011 00:38:31 +0800
  • Delivery-date: Mon, 16 May 2011 09:39:22 -0700
  • Importance: Normal
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hi:
 
   Documented in  https://bugzilla.redhat.com/show_bug.cgi?id=696927.
 
[[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not properly check for possible buffer size overflow in the
decoding loop. Specially crafted kernel image file could be created that would
trigger allocation of a small buffer resulting in buffer overflow with user
supplied data.

Additionally, several integer overflows and lack of error/range checking that
could result in the loader reading its own address space or could lead to an
infinite loop have been found.

A privileged DomU user could use these flaws to cause denial of service or,
possibly, execute arbitrary code in Dom0.

Only management domains with 32-bit userland are vulnerable.
]]]
 
 The last line of above,  what is "management domains"?
 Does Xen 4.0/4.1 suffer this bug?
 And any patches available?
 
 Thanks.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.