Date: Tue, 25 Mar 2014 10:35:44 +0000 From: Ian Campbell <Ian.Campbell@...rix.com> To: <cve-assign@...re.org> CC: <security@....org>, <oss-security@...ts.openwall.com> Subject: Re: Xen Security Advisory 90 - Linux netback crash trying to disable due to malformed packet On Mon, 2014-03-24 at 15:47 -0400, cve-assign@...re.org wrote: > > XSA-90 > > > it tries to disable the interface ... This involves taking a mutex ... > > sleeping is not allowed ... The end result is that the backend domain > > (often, Dom0) crashes with "scheduling while atomic". Malicious guest > > administrators can cause denial of service. > > Use CVE-2014-2580. Thanks. > > This bug was publicly reported on xen-devel, before it was appreciated > > that there was a security problem. The public mailing list thread > > nevertheless contains information strongly suggestive of a security > > bug, and a different security bug (with CVE) is suggested as seeming > > "similar". > > We didn't happen to notice a CVE ID of a similar bug within xen-devel. The first mail in the thread (<5324B182.70905@...rok.net>) had a link to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744#88 which was a bug relating to CVE-2013-0216. > In some cases, we would use that bug's CVE ID (if available) within a > "NOTE:" sentence at the end of a new vulnerability's CVE description. > > http://lists.xen.org/archives/html/xen-devel/2014-03/msg02707.html > says "by removing these checks we are introducing a way for a > malicious or buggy guest to trigger misbehaviour in the backend, > leading to e.g. a DoS" but we haven't tried to track down whether that > is directly applicable. This was review of a separate patch unrelated to the bug in question. HTH, Ian.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.