[kernel-xen] xen-4.2.0-6 now syncing to repos.

Steven Haigh netwiz at crc.id.au
Fri Dec 7 18:53:47 EST 2012


*sigh* it never stops ;)

* Fri Dec 07 2012 Steven Haigh <netwiz at crc.id.au> - 4.2.0-6
- XSA 27 (CVE-2012-5511) - hvm: Limit the size of large HVM op batches

ISSUE DESCRIPTION
=================

Several HVM control operations do not check the size of their inputs
and can tie up a physical CPU for extended periods of time.

In addition dirty video RAM tracking involves clearing the bitmap
provided by the domain controlling the guest (e.g. dom0 or a
stubdom). If the size of that bitmap is overly large, an intermediate
variable on the hypervisor stack may overflow that stack.

IMPACT
======

A malicious guest administrator can cause Xen to become unresponsive
or to crash leading in either case to a Denial of Service.

VULNERABLE SYSTEMS
==================

All Xen versions from 3.4 onwards are vulnerable.

However Xen 4.2 and unstable are not vulnerable to the stack
overflow. Systems running either of these are not vulnerable to the
crash.

Versions 3.4, 4.0 and 4.1 are vulnerable to both the stack overflow and
the physical CPU hang.

The vulnerability is only exposed to HVM guests.

-- 
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Fax: (03) 8338 0299
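
Added example, not part of the original post and not Xen's code: a C sketch of the mitigation named in the changelog line, bounding a caller-supplied batch size so neither stack use nor CPU time scales with the input. The struct, function names and both limits are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this sketch; they are not Xen's actual values. */
#define MAX_BATCH_PAGES (1u << 18)  /* largest page count accepted at all */
#define CHUNK_PAGES     1024u       /* pages handled before yielding */

struct track_req {       /* hypothetical request from the controlling domain */
    uint32_t nr;         /* caller-supplied page count */
    uint32_t done;       /* pages already processed, so the call can resume */
};

/* The unsafe shape would be `uint8_t tmp[(r->nr + 7) / 8];` plus one loop
 * over all nr pages: stack use and CPU time both scale with the input. */
int track_dirty_bounded(struct track_req *r, uint8_t *bitmap, size_t len)
{
    uint8_t chunk[CHUNK_PAGES / 8];  /* fixed size, independent of r->nr */
    uint32_t n;
    if (r->nr == 0 || r->nr > MAX_BATCH_PAGES || len < (r->nr + 7u) / 8u)
        return -EINVAL;              /* refuse oversized batches up front */
    if (r->done == r->nr)
        return 0;
    if (r->done > r->nr || r->done % CHUNK_PAGES)
        return -EINVAL;              /* resume point must be chunk-aligned */
    n = r->nr - r->done < CHUNK_PAGES ? r->nr - r->done : CHUNK_PAGES;
    memset(chunk, 0, sizeof(chunk)); /* stands in for gathering dirty bits */
    memcpy(bitmap + r->done / 8, chunk, (n + 7u) / 8u);
    r->done += n;
    return r->done == r->nr ? 0 : -EAGAIN;  /* -EAGAIN: resume later */
}

/* Drive one request to completion; returns the number of bounded calls
 * made, or a negative errno if the request was refused. */
int run_request(uint32_t nr, uint8_t *bitmap, size_t len)
{
    struct track_req r = { .nr = nr, .done = 0 };
    int rc, calls = 1;
    while ((rc = track_dirty_bounded(&r, bitmap, len)) == -EAGAIN)
        calls++;                     /* a real caller would reschedule here */
    return rc < 0 ? rc : calls;
}

int main(void)
{
    static uint8_t bitmap[MAX_BATCH_PAGES / 8];
    printf("4096 pages: %d calls\n", run_request(4096, bitmap, sizeof(bitmap)));
    return 0;
}
```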
