Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Feb 2014 10:13:15 +0100
From: ┼╣micier Januszkiewicz <>
Subject: Re: Re: Xen Security Advisory 84 - integer overflow in
 several XSM/Flask hypercalls

The 4.1 patch also notes:

> The index of boolean variables in FLASK_{GET,SET}BOOL was not always checked against the bounds of the array.
> Reported-by: John McDermott <>

I wonder, is this something exploitable we should care about (e.g., a
crash triggered by out-of-bounds reads), or it is only some sort of
preventive measure?

2014/2/7 Jan Beulich <>:
>>>> On 06.02.14 at 18:23, <> wrote:
>> Hash: SHA1
>> We can provide the three CVE assignments for XSA-84 (as well as the
>> one CVE assignment for XSA-85 and the one CVE assignment for XSA-86).
>> However, could you please clarify:
>>> ====================
>>> Public release.
>>> The patch for 4.1 was extended to cover a few further similar issues.
>> Here, was the original scope of "The patch for 4.1" (before it was
>> extended) exclusively:
>>   "a different overflow issue on FLASK_{GET,SET}BOOL and expose
>>    unreasonably large memory allocation to arbitrary guests"
>> ? Or do you mean that, originally, the "patch for 4.1" addressed
>> another vulnerability, and this "different overflow issue" was one of
>> the version-2 extensions to the scope of XSA-84?
> The original patch was dealing with just the unbounded memory
> allocation. The missing bounds checking was what the incremental
> addition dealt with.
> Jan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ