[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] insufficiencies in pv kernel image validation

  • To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
  • Date: Tue, 17 May 2011 00:38:31 +0800
  • Delivery-date: Mon, 16 May 2011 09:39:22 -0700
  • Importance: Normal
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

   Documented in  https://bugzilla.redhat.com/show_bug.cgi?id=696927.
[[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not properly check for possible buffer size overflow in the
decoding loop. Specially crafted kernel image file could be created that would
trigger allocation of a small buffer resulting in buffer overflow with user
supplied data.

Additionally, several integer overflows and lack of error/range checking that
could result in the loader reading its own address space or could lead to an
infinite loop have been found.

A privileged DomU user could use these flaws to cause denial of service or,
possibly, execute arbitrary code in Dom0.

Only management domains with 32-bit userland are vulnerable.
 The last line of above,  what is "management domains"?
 Does Xen 4.0/4.1 suffer this bug?
 And any patches available?
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.