
Re: [Xen-users] PV privilege escalation - advisory



On Thu, Jun 14, 2012 at 3:07 PM, Peter Braun <xenware@xxxxxxxxx> wrote:
> Is there some scenario how to test that our config is affected?

Not that I know of.

>
> In this article:
> http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/#more-4865
> it is mentioned that Linux 2.6.16.5 is affected.
>

That part is about how other OSes, when used on bare metal, are also
vulnerable to the bug. Linux (again, when used on bare metal) should
not be affected by the bug anymore.

> Does this mean that guest 2.6.18+ would not be able to abuse it?

I'm not sure.

Reading RH's Bugzilla page, it SEEMS to be so. Or to be accurate, when
guests use RHEL's kernel (which contains the CVE-2005-1764 and
CVE-2006-0744 fixes), those guests will not be able to abuse that bug.

Since you use CentOS, I'm not sure what's the best way to confirm. Buy
Red Hat support, perhaps, and ask them?

-- 
Fajar

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


 

