[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Xen-devel] insufficiencies in pv kernel image validation
- To: xen devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
- From: MaoXiaoyun <tinnycloud@xxxxxxxxxxx>
- Date: Tue, 17 May 2011 00:38:31 +0800
- Delivery-date: Mon, 16 May 2011 09:39:22 -0700
- Importance: Normal
- List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Hi:
Documented in https://bugzilla.redhat.com/show_bug.cgi?id=696927.
[[[ It has been found that xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not properly check for possible buffer size overflow in the
decoding loop. Specially crafted kernel image file could be created that would
trigger allocation of a small buffer resulting in buffer overflow with user
supplied data.
Additionally, several integer overflows and lack of error/range checking that
could result in the loader reading its own address space or could lead to an
infinite loop have been found.
A privileged DomU user could use these flaws to cause denial of service or,
possibly, execute arbitrary code in Dom0.
Only management domains with 32-bit userland are vulnerable.
]]]
The last line of above, what is "management domains"?
Does Xen 4.0/4.1 suffer this bug?
And any patches available?
Thanks.
|
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
