
Re: [Xen-devel] insufficiencies in pv kernel image validation

2011/5/16 MaoXiaoyun <tinnycloud@xxxxxxxxxxx>:
> Hi:
>    Documented in https://bugzilla.redhat.com/show_bug.cgi?id=696927.
> [[[   It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode()
> decode routines did not properly check for possible buffer size overflow
> in the decoding loop. Specially crafted kernel image file could be created
> that would trigger allocation of a small buffer resulting in buffer
> overflow with user supplied data.
> Additionally, several integer overflows and lack of error/range checking
> that could result in the loader reading its own address space or could
> lead to an infinite loop have been found.
> A privileged DomU user could use these flaws to cause denial of service or,
> possibly, execute arbitrary code in Dom0.
> Only management domains with 32-bit userland are vulnerable.
> ]]]
>  In the last line above, what is "management domains"?
>  Does Xen 4.0/4.1 suffer from this bug?
>  And are any patches available?

Patches were committed to all maintained branches, including xen-3.4,
last Monday.

Keith Coleman
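
An added example, not part of this thread and not Xen's code: a generic sketch of the checked output-buffer growth that a decode loop of the kind the quoted advisory describes needs, using uint32_t to model size arithmetic in a 32-bit userland. The names (outbuf, next_cap, outbuf_append, naive_double) and the OUT_MAX cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define OUT_MAX (64u * 1024u * 1024u) /* assumed policy cap on decoded image size */

struct outbuf { unsigned char *data; uint32_t len, cap; }; /* len <= cap <= OUT_MAX */

/* Unchecked doubling in 32-bit arithmetic: 0x80000000 * 2 wraps to 0. */
static uint32_t naive_double(uint32_t cap) { return cap * 2; }

/* Capacity able to hold len + need, or 0 if that would wrap or exceed OUT_MAX. */
static uint32_t next_cap(uint32_t cap, uint32_t len, uint32_t need)
{
    if (len > OUT_MAX || need > OUT_MAX - len)
        return 0;                       /* checked before any addition */
    uint32_t want = len + need, n = cap ? cap : 4096;
    while (n < want)
        n = (n > OUT_MAX / 2) ? OUT_MAX : n * 2;
    return n;
}

/* Append n decoded bytes; 0 on success, -1 on rejection (buffer left unchanged). */
static int outbuf_append(struct outbuf *b, const void *src, uint32_t n)
{
    if (n == 0)
        return 0;
    if (n > b->cap - b->len) {
        uint32_t nc = next_cap(b->cap, b->len, n);
        unsigned char *p = nc ? realloc(b->data, nc) : NULL;
        if (!p)
            return -1;                  /* range error or allocation failure */
        b->data = p;
        b->cap = nc;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

int main(void)
{
    struct outbuf b = {0};
    const char chunk[] = "constructed decoded chunk"; /* constructed sample data */
    for (int i = 0; i < 1000; i++)
        if (outbuf_append(&b, chunk, sizeof chunk - 1) != 0)
            return 1;
    printf("len=%u cap=%u naive=%u\n", b.len, b.cap, naive_double(0x80000000u));
    free(b.data);
    return 0;
}
```

The range check runs before any addition or multiplication, so a request that would wrap is rejected rather than turned into a small allocation.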
