Date: Wed, 24 Nov 2010 08:06:00 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: xen: request-processing loop is unbounded in blkback Please use CVE-2010-4247. Thanks. -- JB ----- "Eugene Teo" <eugene@...hat.com> wrote: > If the frontend pass a bad index of production request, the backend > will > enter an endless loop and then cause a excessive CPU consumption. A > Xen > guest can cause the Xen host to be unresponsive. > > This issue has been fixed in upstream by: > changeset: 391:77f831cbb91d > user: Keir Fraser <keir.fraser@...rix.com> > date: Fri Jan 18 16:52:25 2008 +0000 > summary: blkback: Request-processing loop is unbounded and hence > requires a > http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d > > changeset: 392:7070d34f251c > user: Keir Fraser <keir.fraser@...rix.com> > date: Mon Jan 21 11:43:31 2008 +0000 > summary: blkback/blktap: Check for kthread_should_stop() in inner > loop, > http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c > > Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ