Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 23 Nov 2010 16:46:42 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: xen: request-processing loop is unbounded in blkback

If the frontend pass a bad index of production request, the backend will 
enter an endless loop and then cause a excessive CPU consumption. A Xen 
guest can cause the Xen host to be unresponsive.

This issue has been fixed in upstream by:
changeset:   391:77f831cbb91d
user:        Keir Fraser <keir.fraser@...rix.com>
date:        Fri Jan 18 16:52:25 2008 +0000
summary:     blkback: Request-processing loop is unbounded and hence 
requires a
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d

changeset:   392:7070d34f251c
user:        Keir Fraser <keir.fraser@...rix.com>
date:        Mon Jan 21 11:43:31 2008 +0000
summary:     blkback/blktap: Check for kthread_should_stop() in inner loop,
http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c

Thanks, Eugene

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.