Date: Tue, 23 Nov 2010 16:46:42 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE request: xen: request-processing loop is unbounded in blkback If the frontend pass a bad index of production request, the backend will enter an endless loop and then cause a excessive CPU consumption. A Xen guest can cause the Xen host to be unresponsive. This issue has been fixed in upstream by: changeset: 391:77f831cbb91d user: Keir Fraser <keir.fraser@...rix.com> date: Fri Jan 18 16:52:25 2008 +0000 summary: blkback: Request-processing loop is unbounded and hence requires a http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/77f831cbb91d changeset: 392:7070d34f251c user: Keir Fraser <keir.fraser@...rix.com> date: Mon Jan 21 11:43:31 2008 +0000 summary: blkback/blktap: Check for kthread_should_stop() in inner loop, http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/7070d34f251c Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.