Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 24 Nov 2010 08:06:00 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: xen: request-processing loop is
 unbounded in blkback

Please use CVE-2010-4247.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugene@...hat.com> wrote:

> If the frontend pass a bad index of production request, the backend
> will 
> enter an endless loop and then cause a excessive CPU consumption. A
> Xen 
> guest can cause the Xen host to be unresponsive.
> 
> This issue has been fixed in upstream by:
> changeset:   391:77f831cbb91d
> user:        Keir Fraser <keir.fraser@...rix.com>
> date:        Fri Jan 18 16:52:25 2008 +0000
> summary:     blkback: Request-processing loop is unbounded and hence 
> requires a
> http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d
> 
> changeset:   392:7070d34f251c
> user:        Keir Fraser <keir.fraser@...rix.com>
> date:        Mon Jan 21 11:43:31 2008 +0000
> summary:     blkback/blktap: Check for kthread_should_stop() in inner
> loop,
> http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c
> 
> Thanks, Eugene

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ