Date: Thu, 21 May 2009 20:26:21 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: XEN local denial of service

More specific information on Xen's affected versions would be appreciated.
I made a guess based on the version that was released a few days after the
patch.
- Steve
======================================================
Name: CVE-2009-1758
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1758
Reference: MLIST:[Xen-devel] 20090513 [PATCH] linux/i386: hypervisor_callback adjustments
Reference: URL:http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html
Reference: MLIST:[oss-security] 20090514 CVE Request: XEN local denial of service
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/14/2
The hypervisor_callback function in Xen, possibly before 3.4.0, as
applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other
versions allows guest user applications to cause a denial of service
(kernel oops) of the guest OS by triggering a segmentation fault in
"certain address ranges."